What is the role of a reverse proxy?

Hello,
I launched a reverse proxy server by Apache with below configuration:

<VirtualHost *:80>
        ProxyPreserveHost On
        ProxyPass / http://Server-IP/
        ProxyPassReverse / http://Server-IP/
</VirtualHost>

I have some questions:
1- The real work of a proxy server is just that lines?
2- The real configuration of the web server must be done on the another server? Consider below figure:

The Internet --> Reverse Proxy Server --> Apache Web Server

The SSL configuration and other Apache hardening and configuration must be done on the Apache Web Server and not the Reverse Proxy Server?

Please share your experiences.

Thank you.

1 Like

There are basically three reasons to use a reverse proxy:

  1. One entry point to a network – the proxy server is exposed directly to the Internet, and the “worker” servers can be on a locked-down network. This can be part of your security design.
  2. Performance – the proxy server can do load balancing, caching, etc.
  3. Features – Apache httpd is a powerful, configurable server which can do fancy re-writing and basically anything imaginable. You may have an application with its own simpler web server (perhaps built in), or maybe you have a mix of python and node and java backends and rather than configuring them all in each specific way, you leave them simple and put all the complexity in one place.
3 Likes

Thank you.
1- In general, an Apache Reverse Proxy is just that lines?
2- About “Features”, you meant was that the program that using itself web server maybe is not secure as Apache Web Server and a Reverse Proxy with Apache can handle the request and hide that insecure web server from the web?

It’s been a long time since I set it up, but yes that looks like a good basic start. More in the docs here: Reverse Proxy Guide - Apache HTTP Server Version 2.4, with a lot about load balancing.

No, I meant actual features. Like, if you want to do URL rewriting, or, configure mod_evasive to prevent DDoS attacks – the app’s own native webserver might not have the capability to do such things. Hiding a less-secure webserver from direct exposure to the web was my point #1.

2 Likes

Thank you.
Thus, an Apache Reverse Proxy can play the role of a firewall too. Why I wrong about “features”? You mean, wasn’t that a program that using its web server (Like Openfire that using Jetty) maybe is insecure, but Apache is more secure and can help that program (Openfire) with act as Reverse Proxy!

I didn’t mean that you’re completely wrong, just that it wasn’t what I meant by that point. :slight_smile: It may also be true that Apache provides an additional layer of security.

1 Like