Forward and reverse proxies

A proxy is a middleman

A proxy is a server that sits between two parties and relays requests on their behalf. The whole distinction is which party it stands in for — the client or the server. Mixing these up is a classic interview stumble, so anchor on the direction.

Forward proxy — fronts the clients

A forward proxy sits in front of a group of clients and makes requests to the internet on their behalf. The destination server sees the proxy, not the real client.

Used for:

• Anonymity / privacy — hide client IPs behind the proxy.
• Access control & filtering — a corporate proxy blocks or logs which sites employees reach.
• Caching — cache popular outbound content for many clients (an old-school web cache).
• Bypassing restrictions — reach content as if from the proxy’s location.

Think “the client’s agent to the world.”

Reverse proxy — fronts the servers

A reverse proxy sits in front of your servers and receives requests from the internet on their behalf. The client thinks it’s talking to one server; behind the proxy there may be many. This is the one you’ll use constantly in designs.

Used for:

• Load balancing — spread requests across backend servers (a load balancer is a kind of reverse proxy).
• TLS termination — handle HTTPS encryption/decryption in one place.
• Caching & compression — serve cached responses and compress without bothering the app servers.
• Security — hide the topology and IPs of your backends; a single choke point to filter abuse.

Think “the servers’ agent to the world.” Nginx, HAProxy, and Envoy are common examples.

The one-line way to keep them straight

• Forward proxy → protects/serves the client; the server doesn’t know who the client is.
• Reverse proxy → protects/serves the server; the client doesn’t know which server answered.

In Chapter 3 we sharpen this further — reverse proxy vs load balancer vs API gateway are closely related but distinct, and knowing the boundaries is a strong signal.