Forward, Reverse Proxy, Load Balancer

---

What is a Proxy?

A proxy is a middleman server that sits between clients and servers. Think of it as an intermediary that handles requests on behalf of someone else.

Real-world analogy: A proxy is like a personal assistant:

• You tell your assistant what you need

• The assistant goes and gets it for you

• The assistant brings it back to you

• The other person only interacts with your assistant, not you directly

Forward Proxy: Your Representative

A forward proxy acts on behalf of clients (users). It sits between you and the internet.

How Forward Proxy Works

Step-by-step:

1. You want to visit www.youtube.com

2. Your request goes to the forward proxy first

3. The proxy makes the request to YouTube on your behalf

4. YouTube sees the proxy's IP address, not yours

5. The proxy receives the response

6. The proxy sends the response back to you

Forward Proxy Use Cases

1. Privacy/Anonymity

• Hide your IP address from websites

• Browse anonymously

• Example: VPN services

2. Content Filtering

• Companies blocking social media during work hours

• Schools blocking inappropriate websites

• Parental controls

3. Bypass Geographic Restrictions

• Access content blocked in your country

• Watch region-locked streaming content

4. Caching

• Proxy caches frequently accessed content

• Saves bandwidth and speeds up access

• Example: 100 employees visiting same news site

5. Security

• Scan outgoing traffic for malware

• Enforce security policies

• Log and monitor internet usage

Real-World Example: Corporate Forward Proxy

Employee types: facebook.com

1. Request → Forward Proxy
2. Proxy checks policy: "Facebook blocked during work hours"
3. Proxy returns: "Access Denied"
4. Employee never reaches Facebook

OR

Employee types: stackoverflow.com

1. Request → Forward Proxy
2. Proxy checks policy: "Allowed"
3. Proxy forwards to stackoverflow.com
4. Response returns through proxy
5. Proxy may cache the page
6. Employee sees the page

---

Reverse Proxy: Server's Representative

A reverse proxy acts on behalf of servers. It sits in front of web servers and handles requests coming in.

How Reverse Proxy Works

Step-by-step:

1. User requests www.example.com

2. DNS points to the reverse proxy's IP address

3. The proxy receives the request

4. The proxy decides which backend server should handle it

5. The proxy forwards the request to that server

6. The server processes and responds to the proxy

7. The proxy sends the response back to the user

Important: The user never knows about the backend servers!

Reverse Proxy Use Cases

1. Load Balancing

• Distribute traffic across multiple servers

• Prevent any single server from being overwhelmed

2. SSL/TLS Termination

• Handle HTTPS encryption/decryption at the proxy

• Backend servers don't need to deal with SSL

• Reduces server load

3. Caching

• Cache static content (images, CSS, JavaScript)

• Reduce load on backend servers

• Faster response times

4. Security

• Hide backend server details

• DDoS protection

• Web Application Firewall (WAF)

• Single point for security updates

5. Compression

• Compress responses before sending to clients

• Reduce bandwidth usage

6. URL Routing

example.com/api     → API Server (Port 3000)
example.com/blog    → Blog Server (Port 4000)
example.com/shop    → Shop Server (Port 5000)

Real-World Example: Netflix Reverse Proxy

User requests: netflix.com/watch/movie123

1. DNS resolves to reverse proxy (Cloudflare)
2. Reverse proxy checks cache
   → If cached: Return immediately
   → If not cached: Continue
3. Proxy forwards to nearest Netflix server
4. Server streams video
5. Proxy may cache chunks for other users
6. User watches movie

Benefits:
- User gets fastest possible server
- DDoS attacks blocked at proxy level
- Backend servers stay hidden and secure

---

Load Balancer: Smart Traffic Director

https://blog.algomaster.io/p/how-load-balancers-actually-work

A load balancer is a specialized type of reverse proxy that focuses on distributing traffic efficiently across multiple servers.

Load Balancing Algorithms

Load balancers use different strategies to distribute traffic:

1. Round Robin

• Distributes requests in rotation

• Server 1 → Server 2 → Server 3 → Server 1...

• Simple but doesn't consider server load

2. Least Connections

• Sends request to server with fewest active connections

• Better for long-lived connections

3. Least Response Time

• Routes to server with fastest response time

• Optimal performance

4. IP Hash

• Same client IP always goes to same server

• Maintains session consistency

5. Weighted Round Robin

• More powerful servers get more traffic

• Example: Server 1 (2x), Server 2 (1x), Server 3 (1x)

6. Random

• Randomly selects a server

• Works well with many servers

Load Balancer Types

Layer 4 (Transport Layer)

• Routes based on IP address and TCP/UDP port

• Faster, simpler

• Can't see HTTP content

• Example: TCP/UDP load balancing

Layer 7 (Application Layer)

• Routes based on HTTP content (URL, headers, cookies)

• More flexible

• Can make smart routing decisions

• Example: Send /api/* to API servers, /static/* to CDN

Network vs Application Load Balancer

Examples of load balancers:

• Nginx and Apache are popular choices.

• Caddy, an awesome open-source load balancer and web server. Caddy is a modern version written in Go, so it's fun to use.

You can use Docker to use them. For example, in order to use Caddy do this:

docker pull caddy
docker run -d -p 8881:80 -v $PWD/index1.html:/usr/share/caddy/index.html caddy

---

Comparing the Three: Forward Proxy vs Reverse Proxy vs Load Balancer

---

Real-World Practical Examples

Example 1: Corporate Network with Forward Proxy

Your company has 500 employees. IT department sets up:

Forward Proxy at: 192.168.1.100

Configuration:
- Block: facebook.com, twitter.com during 9-5
- Block: gambling, adult sites (always)
- Cache: news sites, software downloads
- Log: all websites visited
- Scan: downloads for malware

Employee experience:
1. Opens browser
2. Browser configured to use proxy 192.168.1.100
3. Types: linkedin.com
4. Proxy checks rules → Allowed
5. Proxy fetches page
6. Employee sees LinkedIn
7. Admin sees log: "John accessed linkedin.com at 10:30 AM"

Example 2: E-commerce Site with Reverse Proxy

Your online store gets 10,000 visitors/day

Setup:
- Domain: shop.example.com
- Reverse Proxy: nginx on cloud server
- Backend: 3 web servers (hidden)

Flow:
1. Customer visits shop.example.com
2. DNS points to reverse proxy (203.0.113.5)
3. Proxy receives request
4. Proxy routes based on URL:
   - /products/* → Web Server 1
   - /cart/* → Web Server 2  
   - /api/* → API Server
   - /static/* → CDN (cached images/CSS)
5. Proxy handles SSL/TLS (HTTPS)
6. Proxy caches product images
7. Proxy blocks suspicious traffic (DDoS protection)
8. Customer never knows about backend servers

Benefits:
- Backend servers can be updated without downtime
- SSL managed in one place
- Faster response (caching)
- Better security (servers hidden)

Example 3: Netflix-Scale Load Balancing

Netflix has millions of concurrent users

Architecture:
- Multiple data centers worldwide
- Each data center has hundreds of servers
- Multiple layers of load balancers

Layer 1: DNS Load Balancing
- User in USA → US data center
- User in Europe → EU data center

Layer 2: Geographic Load Balancer
- Routes to nearest available data center
- Monitors data center health

Layer 3: Application Load Balancer (Layer 7)
- /browse → Catalog service
- /watch → Streaming service
- /account → User service

Layer 4: Server Load Balancer
- Distributes within service pools
- Monitors server health
- Removes failed servers automatically

Result:
- Millions of users streaming simultaneously
- Minimal buffering
- Automatic failover if servers crash
- Optimal performance worldwide

---

Health Checks: Keeping Services Running

Load balancers constantly monitor server health:

Active Health Checks:

Every 10 seconds:
1. Load balancer sends HTTP request to /health endpoint
2. Server responds: "200 OK" (healthy) or times out (unhealthy)
3. If unhealthy 3 times in a row → Remove from pool
4. If healthy again → Add back to pool

Example response:
GET /health
Response: {"status": "healthy", "cpu": "45%", "memory": "60%"}

Passive Health Checks:

Monitor actual traffic:
- If server returns 500 errors → Mark as unhealthy
- If response time > 5 seconds → Mark as slow
- If connection timeouts → Mark as unhealthy

---

Common Tools and Technologies

Forward Proxies

• Squid - Popular open-source proxy

• Charles/Fiddler - Developer debugging proxies

• Corporate Proxies - BlueCoat, Zscaler

• VPNs - NordVPN, ExpressVPN (proxy-like)

Reverse Proxies

• nginx - Most popular, fast and lightweight

• Apache - Traditional web server with proxy capabilities

• Cloudflare - Global CDN with reverse proxy

• Varnish - High-performance caching proxy

Load Balancers

• HAProxy - Open-source, very reliable

• nginx Plus - Commercial version with load balancing

• AWS ELB/ALB - Amazon's managed load balancers

• F5 BIG-IP - Enterprise hardware load balancers

• Google Cloud Load Balancer - Google's managed service

---

Security Considerations

Forward Proxy Risks

• Can log all your traffic (privacy concern)

• Man-in-the-middle for HTTPS (if certificate is intercepted)

• Single point of failure

Reverse Proxy/Load Balancer Risks

• Becomes prime DDoS target

• If compromised, attacker sees all traffic

• SSL certificate management is critical

Best Practices

1. Use HTTPS everywhere - Encrypt traffic

2. Regular security updates - Keep proxy software patched

3. Rate limiting - Prevent abuse

4. Monitoring - Detect anomalies

5. Redundancy - Multiple proxies/load balancers

---

Summary

Forward Proxy:

• Sits between you and the internet

• Protects/controls client access

• Hides your identity

• Example: Company firewall, VPN

Reverse Proxy:

• Sits between internet and your servers

• Protects/manages server access

• Hides server identity

• Example: Cloudflare, nginx

• Can route to different backend services

Load Balancer:

• Specialized reverse proxy

• Focuses on distributing traffic

• Ensures high availability

• Prevents server overload

• Example: AWS ELB, HAProxy

---

Videos about the three

Forward Proxy vs Reverse Proxy

---

Load Balancer

Layer 4 vs Layer 7 Load Balancer

About NGINX

The difference between Load Balancers and Reverse Proxy

---