Reverse proxy

How I once explained how a reverse proxy works with a cocktail and straws

Many website operators are not aware that a colorful cocktail of different servers is often used to operate their website. At the top of the list of ingredients is the actual web server that delivers the content of the website.

As a rule, a separate mail server is also used to communicate with customers, suppliers and employees.

There can also be many other ingredients in the infrastructure, such as

  • Name servers for the name resolution of your servers
  • Subdomains with their own applications that run on their own hardware
  • Applications from hyperscalers such as Amazon's S3, from which you have rented storage
  • US providers such as Microsoft or Cloudflare, which provide various services for you

You can now imagine a reverse proxy as a small curtain with a picture of your cocktail on it. The actual cocktail is hidden behind the curtain from the eyes of other drink lovers. If you want to let one of your guests taste your cocktail, you give them one or more straws that lead directly to it. In short: the reverse proxy hides all components of your infrastructure behind a virtual curtain. The straws are the routes to your hardware, which only the proxy knows about.

Here is a more technical description:

  • The reverse proxy accepts requests from outside and forwards them to your servers in a controlled manner.
  • This prevents direct access to the real servers - external users only see the reverse proxy.
  • Typical additional functions are caching and the encryption and termination of SSL/TLS connections (SSL offloading).

How can a reverse proxy improve my cyber security?

  • Protective shield: The backend servers are hidden behind the reverse proxy, so hackers cannot see the actual server addresses or attack them directly.

  • Inspection and filtering: The reverse proxy can act as a web application firewall by intelligently inspecting all incoming data and blocking attacks such as SQL injection, cross-site scripting or malware.

  • Encryption: It can terminate SSL/TLS connections and decrypt traffic centrally, which improves both security and performance.

  • Load balancing: By distributing requests across several servers (load balancing), no single system is overloaded, and the impact of an attack is spread across systems rather than hitting one.

  • Anonymization: The real server structure remains hidden, making attacks more difficult.

Simple example

Instead of visitors to a website reaching the web server directly, they only communicate with the reverse proxy. The proxy decides which requests are allowed and how they are processed, inserting an additional security filter between the Internet and the internal IT.
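The simple example above in working code, added here and not part of the original post: a small Go reverse proxy in which each route is one "straw" to a backend only the proxy knows, unmatched paths and unwanted methods are filtered before anything is forwarded, and headers that would reveal the backend software are stripped. The route prefixes and the 10.0.0.x backend addresses are constructed placeholders.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
)

// Route is one "straw": a public path prefix and the internal backend behind it.
type Route struct {
	Prefix  string // "/api/" (trailing slash = whole subtree)
	Backend string // "http://10.0.0.6:9000" (constructed internal address)
}

// NewProxyHandler accepts outside requests and forwards them only along the
// configured routes; any other path or method never reaches a backend.
func NewProxyHandler(routes []Route) (http.Handler, error) {
	mux := http.NewServeMux() // paths without a route get a 404 from the mux
	for _, r := range routes {
		target, err := url.Parse(r.Backend)
		if err != nil {
			return nil, err
		}
		p := httputil.NewSingleHostReverseProxy(target) // also adds X-Forwarded-For
		p.ModifyResponse = func(resp *http.Response) error {
			// Anonymization: strip headers that reveal the backend software.
			resp.Header.Del("Server")
			resp.Header.Del("X-Powered-By")
			return nil
		}
		mux.Handle(r.Prefix, p)
	}
	allowed := map[string]bool{"GET": true, "HEAD": true, "POST": true}
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		if !allowed[req.Method] { // inspection and filtering before any forwarding
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		mux.ServeHTTP(w, req)
	}), nil
}
func main() { // constructed routes with placeholder backend addresses
	h, err := NewProxyHandler([]Route{{Prefix: "/shop/", Backend: "http://10.0.0.5:8080"},
		{Prefix: "/api/", Backend: "http://10.0.0.6:9000"}})
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(http.ListenAndServe(":8080", h)) // in production: ListenAndServeTLS
}
```

Visitors only ever talk to the listener in main; the backend addresses exist nowhere but in the route table.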