Reverse Proxy
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="https://ipfyi.com/iframe/glossary/reverse-proxy/" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://ipfyi.com/glossary/reverse-proxy/Add a dynamic SVG badge to your README or docs.
[](https://ipfyi.com/glossary/reverse-proxy/)Use the native HTML custom element.
Definition
A server that sits in front of backend servers, forwarding client requests and returning responses on their behalf. Used for SSL termination, load balancing, caching, and hiding the origin server's identity.
What a Reverse Proxy Does
A forward proxy acts on behalf of clients, hiding their identities from servers. A reverse proxy does the opposite — it accepts requests on behalf of one or more backend servers, forwarding them internally and returning the response to the client. From the client perspective it is talking directly to a single Public IP AddressA globally unique IP address assigned by an ISP that is routable on the public internet. Every device directly accessible from the internet must have a public IP address. address; the backend topology is invisible. This makes reverse proxies central to microservice architectures, where dozens of internal services must appear as a unified API surface.
Core Use Cases
SSL/TLSSecure Sockets Layer / Transport Layer Security. Cryptographic protocols that provide encrypted, authenticated communication over a network. SSL is deprecated; modern implementations use TLS 1.2 or TLS 1.3. termination is the most common application: the reverse proxy holds the certificate, decrypts HTTPS traffic, and forwards plain HTTP to backends, removing the burden of certificate management from individual services. Compression, response buffering, and static file serving are also handled at the proxy tier before requests ever reach application code. Combined with Load BalancerA device or service that distributes incoming network traffic across multiple backend servers to ensure no single server is overwhelmed. Improves availability, reliability, and scalability of web applications. capabilities — Nginx and HAProxy both serve both roles — a reverse proxy can distribute traffic across backend pools while enforcing rate limits and blocking malicious requests.
Security and Observability
Placing a reverse proxy in front of backends shields internal Private IP AddressAn IP address from reserved ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) used within local networks. Private addresses are not routable on the public internet and require NAT for external communication. addresses from exposure. All inbound traffic passes through a single choke point where FirewallA network security device or software that monitors and filters incoming and outgoing traffic based on predefined rules. Firewalls can block traffic by IP address, port number, protocol, or application-layer content. rules, WAF rulesets, and access logging can be applied uniformly. Use HTTP Header Analyzer to verify that the proxy is correctly forwarding X-Forwarded-For headers so backend applications see the real client IP rather than the proxy address.