The latest insights from the load balancing experts | Loadbalancer.org
  • Support
  • Blog
  • +1 833 274 2566
  • Solutions
  • Services
  • Products
  • Resources
  • Get Started
  • Support
  • Blog
Schedule your demo
  • Solutions
  • Services
  • Products
  • Resources
  • Get Started
  • Support
  • Blog

The latest insights from the load balancing experts | Loadbalancer.org

  • Latest posts
  • By topic
    • How Tos
    • Events
    • Guest Blogs
    • Top Ten Blogs
    • HA Proxy
  • By sector
    • Healthcare
    • Storage
    • Security
    • Print
    • Microsoft
  • How-To's
  • HAProxy
  • High Availability
  • Just for Fun
  • Security
  • Events
  • News
  • Linux
  • Top 10 Blogs
  • Amazon AWS
  • Reviews and Comparisons
  • Healthcare
  • SSL
  • Web Application Firewall (WAF)
  • Case Studies
  • Microsoft Azure
  • Disaster Recovery
  • Direct Server Return (DSR)
  • Global Server Load Balancing (GSLB)
  • Microsoft
  • Microsoft Exchange
  • Print
  • Denial of Service
  • Microsoft Remote Desktop Services
  • Object Storage
  • Web Filters / Proxy
  • Broadcast Media
  • X-Forwarded-For Header (XFF)
  • Guest Blogs
  • VMware
  • Google Cloud Platform (GCP)
  • Nutanix
See more tags

What exactly is a Reverse Proxy?

20 April 2017 / 3 min read / Web Filters / Proxy

"I don't think we can use your load balancer, because it's not a reverse proxy..." said the slightly confused reseller.

Which got me thinking, maybe I should write a blog about the difference between a Reverse Proxy Server and a Forward Proxy Server?

For that matter - what is a Reverse Proxy Server?

Wikipedia describes a Reverse Proxy Server as:

"In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client like they originated from the proxy server itself.[1] ... a reverse proxy is an intermediary for its associated servers to be contacted by any client."

But I think I have a far simpler description: Reverse Proxy Server = Load Balancer

It kind of shows the irony in the resellers comments about our load balancer not being a reverse proxy doesn't it?

So what is a Forward Proxy Server then?

Wikipedia describes a Forward Proxy Server as:

"In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.[1] A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity."

But again I think I have a far simpler description: Forward Proxy Server = Web Filter

Quite often you will use a load balancer in front of a bunch of web filters and we specialise in these kind of large scale deployments for all the big web filter vendors.

When is a load balancer not a Reverse Proxy?

Technically, the only mode on a load balancer that is a real Reverse Proxy is Layer 7 mode. Whereas all Layer 4 load balancing modes such as NAT, DR and TUN are nothing like a reverse proxy. The clients are effectively talking directly (transparently) to the backend servers.

Is a Reverse Proxy more secure than a layer 4 load balancer?

The short answer is NO!

A Reverse Proxy is still sending all of your requests to the real servers so any application security issues are still easily exploitable.

This is one of the many reasons why Microsoft dropped TMG, because it was effectively a pointless solution.
The one semi-useful feature on TMG to most IT Managers was the ability to allow single user sign on for multiple applications, but Microsoft rightly decided that actually, SSO in itself is a serious security risk (single bastion host on the edge of the network with access to all of the passwords on the network anyone?).

But back to the thing I really hated about TMG - Forcing you to use a DMZ! Arrrggghhhh!!!!!!

Look in an enterprise network, a DMZ is a potentially sensible thing to use, possibly even essential. Sean Wilkins wrote a good description of DMZs here

BUT with TMG you are forced to put yet another DMZ inside your original DMZ for no reason!

The 'too many DMZs problem' happens a lot with load balancer installations as well, every single server cluster ends up in its own DMZ - because someone thought it was a good idea...
Some people even think that the load balancer won't work unless it is the default gateway for your servers with at least two subnets....

So what happens when someone moves a perfectly good application cluster, from its perfectly good and well designed DMZ behind a load balancer?

Everyone loses access to the new and unnecessary DMZ..
and who are they going to blame?
Yes, that's right the load balancer vendor :-).

Please, please, please for the sanity of your engineers consider the idea of putting your load balancers in one-arm mode and NOT a two-arm DMZ.

DMZ-comic-final

The cartoon above illustrates the classic example of what engineers do when faced by a DMZ access problem - run a cable to the other side. I've seen this happen a thousand times.

Feel free to leave me a comment and tell me I'm talking rubbish (as usual). Thanks.

Want to quickly see how simple it is to set up a new load balanced cluster?

Found in

Web Filters / Proxy, Top 10 Blogs

About the author

Aaron West-profile-image
Aaron West

Coming from a background assisting companies large and small to get the most from open source solutions. Aaron found joining the support team at Loadbalancer.org a natural progression. Aaron’s interests include distro-hopping, B Movies and quality time spent with his family.

Read More

Related posts

Web Filters / Proxy
Web Filters / Proxy
22 Jul 2019
Anatomy of a partnership: Working and learning with Smoothwall Aaron West
Loadbalancer.org’s evolving approach to partnerships reflects what’s at the heart of our ethos. The human element builds understanding, and the better we can understand our partners, the better we can meet their needs.

3 min read

Read more
Web Filters / Proxy
Web Filters / Proxy
14 Jun 2017
Transparent vs Explicit proxy — which method should I use? Neil Hosking
Different vendors have widely different opinions on which method should be used to deploy web filters or SWGs (secure web gateways). Historically, vendors struggled to implement authentication in Transparent mode, and maybe they remember some

5 min read

Read more
Case Studies
Case Studies
11 May 2017
Leading European research university maintains top-class website with Loadbalancer.org Jake Borman
One of Europe’s leading research universities, Eindhoven University of Technology, has called on Loadbalancer.org to ensure that its main website - where students, researchers and businesses first interact with the University – is highly

4 min read

Read more

Get started

Get in touch

Start a conversation about the right solution for your business.

Get in touch

Create your quote

Transparent pricing you can see straight away.

Create your quote

Download now

Try us free for 30 days – see why our customers love us.

Download now

Schedule a virtual meeting with us

Working remotely or from home? Let’s meet on a call or online.

Let's meet

Follow Loadbalancer.org

+1 833 274 2566
  • Company
    • Solutions
    • Services
    • Load balancer
    • Why Loadbalancer.org
    • Blog
    • Professional services
    • Sitemap
  • Load balancer
    • Get a quote
    • Free trial
    • Online demo
  • Resources
    • Manuals
    • Deployment guides
    • Applications
    • White papers
    • Case studies
    • Solutions
  • Support
    • FAQ's
    • Open a ticket
    • Security news
  • Applications
    • Healthcare
    • Storage
    • Print
    • Security
    • Microsoft
The latest insights from the load balancing experts | Loadbalancer.org

The latest insights from the load balancing experts | Loadbalancer.org. All rights reserved

  • Contact Us
  • Terms & Conditions
  • Privacy Policy