Proxy 即Proxy Server 代理服务器，Reverse Proxy 即Reverser Proxy Server 逆向代理服务器。

Proxy Server 原理

Proxy Server.png

两台电脑通过第三台电脑进行沟通时，第三台电脑就扮演代理服务器角色。以上图为例，Bob并不知道信息的去向。代理服务器授予客户端匿名性。

A typical usage of a forward proxy is to provide Internet access to internal clients that are otherwise restricted by a firewall.

那么，为什么Alice要通过Proxy Server去访问Bob ，而不是直接访问，原因在于Alice无法直接访问问Bob, 其中可能的原因如下：

1. Alice的系统管理员禁用了访问Bob的路径，出于安全，文化差异，信息管控的原因

2. Bob的系统管理员禁用了来自Alice的访问，比如Alice是恶意访问

Reverse Proxy 原理

逆向代理授予了后端服务器的匿名性。

A typical usage of a reverse proxy is to provide Internet users access to a server that is behind a firewall

Bob设置Reverse Proxy的目的：

1. 强制所有的流量访问必须通过逆向代理服务器
2. 大量的用户访问， Bob并非一个单一的服务器。Bob设置了很多的服务器，并在网络上设置逆向代理服务器，用户的请求会通过规则，发送到不同的服务器。

The previous answers were accurate, but perhaps too terse. I will try to add some examples.
First of all, the word "proxy" describes someone or something acting on behalf of someone else.
In the computer realm, we are talking about one server acting on the behalf of another computer.
For the purposes of accessibility, I will limit my discussion to web proxies - however, the idea of a proxy is not limited to websites.

FORWARD proxy

Most discussion of web proxies refers to the type of proxy known as a "forward proxy."

The proxy event, in this case, is that the "forward proxy" retrieves data from another web site on behalf of the original requestee.

A tale of 3 computers (part I)

For an example, I will list three computers connected to the internet.

• X = your computer, or "client" computer on the internet
• Y = the proxy web site, proxy.example.org
• Z = the web site you want to visit, www.example.net

Normally, one would connect directly from X --> Z.

However, in some scenarios, it is better for Y --> Z on behalf >of X, which chains as follows: X --> Y --> Z.

Reasons why X would want to use a forward proxy server:

Here is a (very) partial list of uses of a forward proxy server:

• 1. X is unable to access Z directly because

• a) Someone with administrative authority over X's internet >connection has decided to block all access to site Z.

  • Examples:

    • The Storm Worm virus is spreading by tricking people into visiting familypostcards2008.com, so the system administrator has blocked access to the site to prevent users from inadvertently infecting themselves.

  • Employees at a large company have been wasting too much time on facebook.com, so management wants access blocked during business hours.

  • A local elementary school disallows internet access to the playboy.com website.

  • A government is unable to control the publishing of news, so it controls access to news instead, by blocking sites such as wikipedia.org. See TOR or FreeNet.

• b) The administrator of Z has blocked X.

  • Examples:

  • The administrator of Z has noticed hacking attempts coming from X, so the administrator has decided to block X's IP address (and/or netrange).

  • Z is a forum website. X is spamming the forum. Z blocks X.

REVERSE proxy

A tale of 3 computers (part II)

For this example, I will list three computers connected to the internet.

• X = your computer, or "client" computer on the internet
• Y = the reverse proxy web site, proxy.example.com
• Z = the web site you want to visit, www.example.net

Normally, one would connect directly from X --> Z.

However, in some scenarios, it is better for the administrator of Z to restrict or disallow direct access and force visitors to go through Y first. So, as before, we have data being retrieved by Y --> Z on behalf of X, which chains as follows: X --> Y --> Z.

What is different this time compared to a "forward proxy," is that this time the user X does not know he is accessing Z, because the user X only sees he is communicating with Y. The server Z is invisible to clients and only the reverse proxy Y is visible externally. A reverse proxy requires no (proxy) configuration on the client side.

The client X thinks he is only communicating with Y (X --> Y), but the reality is that Y forwarding all communication (X --> Y --> Z again).

Reasons why Z would want to set up a reverse proxy server:

• 1. Z wants to force all traffic to its web site to pass through Y first.
• a) Z has a large web site that millions of people want to see, but a single web server cannot handle all the traffic. So Z sets up many servers and puts a reverse proxy on the internet that will send users to the server closest to them when they try to visit Z. This is part of how the Content Distribution Network (CDN) concept works.
  • Examples:
  • Apple Trailers uses Akamai
  • Jquery.com hosts its JavaScript files using CloudFront CDN (sample).
  • etc.
• 2. The administrator of Z is worried about retaliation for content hosted on the server and does not want to expose the main server directly to the public.
• a) Owners of Spam brands such as "Canadian Pharmacy" appear to have thousands of servers, while in reality having most websites hosted on far fewer servers. Additionally, abuse complaints about the spam will only shut down the public servers, not the main server.

In the above scenarios, Z has the ability to choose Y.

Links to topics from the post:

Content Delivery Network

• Lists of CDNs
• http://www.mytestbox.com/miscellaneous/content-delivery-networks-cdn-list/
• http://blog.streamingmedia.com/the_business_of_online_vi/2008/01/updated-list-of.html

Forward proxy software (server side)

• PHP-Proxy
• cgi-proxy
• phproxy (discontinued)
• glype
• Internet censorship wiki: List of Web Proxies
• squid (apparently, can also work as a reverse proxy)

Reverse proxy software for HTTP (server side)

• [Apache mod_proxy]>(http://wiki.apache.org/cocoon/ApacheModProxy) (can also work as a forward proxy for HTTP)
• nginx (used on hulu.com, spam sites, etc.)
• HAProxy
• Caddy Webserver
• lighthttpd
• perlbal (written for livejournal)
• portfusion
• pound
• varnish cache (written by a FreeBSD kernel guru)
• repose

Reverse proxy software for TCP (server side)

• balance
• delegate
• pen
• portfusion
• pure load balancer (web site defunct)
• python director

See also:

• Wikipedia - Content Delivery Network
• Wikipedia - Category:Reverse_proxy
• Wikipedia - Load Balancing
• Wikipedia - Scalability

转自：https://stackoverflow.com/questions/224664/whats-the-difference-between-a-proxy-server-and-a-reverse-proxy-server

https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#forwardreverse

Typical Web Server

In addition to being a "basic" web server, and providing static and dynamic content to end-users, Apache httpd (as well as most other web servers) can also act as a reverse proxy server, also-known-as a "gateway" server.

In such scenarios, httpd itself does not generate or host the data, but rather the content is obtained by one or several backend servers, which normally have no direct connection to the external network. As httpd receives a request from a client, the request itself is proxied to one of these backend servers, which then handles the request, generates the content and then sends this content back to httpd, which then generates the actual HTTP response back to the client.

There are numerous reasons for such an implementation, but generally the typical rationales are due to security, high-availability, load-balancing and centralized authentication/authorization. It is critical in these implementations that the layout, design and architecture of the backend infrastructure (those servers which actually handle the requests) are insulated and protected from the outside; as far as the client is concerned, the reverse proxy server is the sole source of all content.

A typical implementation is below:

reverse-proxy-arch.png

转自： https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html