Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Difference Between Forward and Reverse Proxy?

Former Member
0 Kudos

Hi All,

Can anybody let me know the basic difference between Forward and reverse Proxy?In which Scenarios we use them?What is the use and significance of IIS proxy.How it is useful when we access an application(say portal) through internet?

I would appreciate if anyone can give some concepts on my above queries.

Regards

Rani A

1 ACCEPTED SOLUTION

Former Member
10 REPLIES 10

Former Member

0 Kudos

Hi Soma,

Thanks,but I would appreciate if i can get clear differences in basic and easy language.Because basically I am not a security consultant and the terms given there are bit high level for me.

Thanks

Rani A

0 Kudos

Rani,

I hope this helps :

Lets suppose you have 3 systems :

A - A workstation with Web browser installed.

B - A server on network running proxy software

C - An application server

The normal use of a forward proxy is as follows :

Browser on A opens a URL on C, and the Browser is configured to pass all traffic through a proxy, so it sends the URL to C via A. The proxy server at B, then receives the request from A, decides whether it can be forwarded to C, or not. Depending on configuration of B, this might simply be : if authenticated then forward, otherwise authenticate first, then forward. The configuration of B might also be different/more complex.

For a reverse proxy, the following normally occurs :

Browser on A opens a URL on C, and this request is sent to C. In this case the Browser has no knowledge of B. When the request is recevied by C, C has knowledge of the proxy server so it redirects the request to B, Proxy at B then checks if authentication has occured (e.g. look for cookie in HTTP header) and depending on how it is configured, it will redirect back to C, or fail the request.

I hope I have simplified it enough for you ?

Thanks,

Tim

0 Kudos

The forward proxy acts (from an outside view) as the browser to many web servers and is installed close to the browser.

The Reverse proxy acts (from an outside view again) as the server to many web browsers and is installed close to the web server.

You can even have both:

Web Browser -> Forward Proxy -> Internet -> Reverse Proxy -> Web Server

easy enough ?

0 Kudos

Hi Tim/Patrick,

Definitely it clears my doubt for proxy Basics.But more the clarity,more doubts:-)

Which proxy would be considered as more Secure,more useful?Can you give some examples.I heard Reverse proxy is more oftenly used.

In my partcular scenario which you would recommend for and why?

I have a WAS java(for portals) and many client machines would be accessing my applicatio server through internet,one one should i use.

1. Https between web browser and WAS java

2. Forward proxy

3. Reverse Proxy

4.any other

Whenever I use my SAP portals,very often i get this error"<b>IIS proxy.dll Bad Gateway</b>"Why it comes?is it forward or reverse?

Thanks Again for good answers

Regards

Rani A

0 Kudos

hi Rani,

there is no 'more secure' or m'ore useful', they simply serve different purposes. The forward proxy is used to limit the exposure of clients towards the outside network. They are able to control, who surfs the web, where and when. They also are able to control the responses of the servers.

A reverse proxy is often used to change certain functionality of the backend system or to integrate data from different sources and some stuff more. You can find some more infos about this in a <a href="http://educontent.wdf.sap.corp:1080/teched05/powerpoints/AGS200.pdf">Teched presentation</a> I made last year. I usually talk about an application gateway if a reverse proxy is used for security puposes.

As you can see in the <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/8d/f3da779bd02c4fa54fda5d6944f2d6/frameset.htm">docs</a>, SAP even recommends to use application gateways to protect systems, esepcially if they are accesed from the internet.

The message you are referring to can have multiple reasons, in most cases, this is a problem of the iis_proxy not able to connect to the backend system configured for the URL received.

Regards,

Patrick

0 Kudos

Rani,

It is hard to compare the two, because they both have advantages and disadvantages, depending on your needs. The use of one versus the other depends mostly on the network architecture,, e.g. where firewalls are located, whether NAT is used, whether you have a DMZ, etc. A forward proxy is commonly used in an Intranet environment.

Clearly you are using the SAP IIS proxy as a reverse proxy, so I suggest you request that SAP help you find out why you are getting errors from this product. Patrick works for SAP, so maybe he can advise on best action to take.

Thanks,

Tim

0 Kudos

Hi Again,

Its quite clear now.But a few doubts at the last before i close the thread. I looked into the docs and a mere confusion between these:

Are Application gateway,proxies and firewalls are same?I mean in one or the other way are they used in DMZ to provide more security and authority checks?Is It very necessary to have forward proxy in intranet scenario?

I heard about SAP Webdispatcher also somewhere in docs.Is it also used to provide security ?or is it a mechanism to achieve load balancing between browser and server?

Thanks for your help again

Regards

Rani A

0 Kudos

Hi Rani,

for the differences between application gateways and firewals, please have a look at this <a href="http://educontent.wdf.sap.corp:1080/teched05/powerpoints/AGS200.pdf">presentation</a>. An application gateway is a reverse proxy with some added security features.

In an intranet scenario it is not necessary to have a forward proxy.

SAP WebDispatcher does provide some security features but primarily is a loadbalancer (essentrially a reverse proxy which is able to do load distribution among a number of backend systems).

regards,

Patrick

0 Kudos

Hi,

Thanks to both of you and points too.:-)

Regards

Rani A