Forward vs Reverse Proxies
Master the intermediaries of the internet. Learn the difference between protecting the client and protecting the server.
Proxies: The Middlemen
A proxy server is a system that acts as an intermediary between an endpoint device (like your computer) and another server from which you are requesting a service.
The Logic (ELI5)
Forward Proxy (Protecting the Client)
Think of a Secret Agent:
- You want to buy a ticket for a movie, but you don't want anyone to know it was you.
- You hire a Secret Agent (Forward Proxy).
- The Agent goes to the theater, buys the ticket, and brings it back to you.
- The theater knows they sold a ticket, but they only saw the Agent's face, not yours!
Reverse Proxy (Protecting the Server)
Think of a Receptionist at a building:
- You want to talk to the CEO.
- You don't know which floor the CEO is on.
- You talk to the Receptionist (Reverse Proxy) at the front door.
- The Receptionist takes your message and delivers it to the CEO.
- You don't know exactly where the CEO is sitting; you just know the Receptionist handled it.
The Deep Dive
Forward Proxy
- Sits in front of: The Client.
- Used for: Anonymity, bypassing firewalls, or filtering content (e.g., in a school or office).
- Visibility: The internet sees the proxy's IP, not the user's.
Reverse Proxy
- Sits in front of: The Server(s).
- Used for: Load Balancing, TLS Termination (SSL), Caching, and Security.
- Visibility: The user thinks they are talking directly to the server, but they are actually talking to the proxy (e.g., NGINX).
Interview Pulse
Use Case: TLS Termination
Encryption is "heavy" computational work. Instead of every small back-end server doing encryption, we let the Reverse Proxy (like NGINX or AWS ALB) handle it. The proxy talks HTTPS to the user, but HTTP to the internal servers. This is called "SSL Offloading."
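The TLS termination setup described above, written out as an added NGINX configuration example (not part of the original page). The hostname, certificate paths, upstream name and back-end addresses are placeholder assumptions.

```nginx
# Added example: placeholder hostname, certificate paths and back-end addresses.
# These blocks belong inside the http { } context of nginx.conf.

# Internal back-end servers; clients never see these addresses.
upstream app_backends {
    server 10.0.0.11:8080;   # constructed private address
    server 10.0.0.12:8080;   # constructed private address
}

# Redirect plain HTTP so clients always reach the TLS listener.
server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;
}

# TLS terminates here: HTTPS to the user, HTTP to the internal servers.
server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Requests are spread round-robin across the upstream group.
        proxy_pass http://app_backends;

        # The back end only sees the proxy's IP, so pass the original
        # host, client address and scheme along as headers.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The hop from the proxy to the back ends is unencrypted HTTP, so it belongs on a trusted internal network, with the back ends accepting connections only from the proxy.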
Use Case: Direct Server Access
Interviewers might ask: "Why shouldn't I just expose my database to the internet?" Answer: Security. A Reverse Proxy acts as a shield. It only lets specific types of traffic through and hides the internal IP addresses of your real servers.
Popular Tools
- Forward: Squid, Blue Coat.
- Reverse: NGINX, HAProxy, Apache.