Protecting Company Servers: the Reverse Proxy

by Josh Biggs in Tech on 26th October 2019

Businesses today face a wide range of sophisticated cyber threats. Attackers are constantly looking for ways to disrupt server operations or gain access to data without authorization. This can cause significant financial and reputational damage to affected businesses.

A reverse proxy is a protective gateway that can provide a buffer between a business’s most important backend servers and the wider internet. In doing so, a reverse proxy offers protection in a number of ways.

The Common Threat: DDoS Attacks

Distributed denial of service attacks are one of the most common malicious cyberattacks and they can be used to target organizations, websites, or individuals. When an online service is taken down by attackers, it is usually by way of a DDoS attack. A DDoS attack involves trying to overwhelm the target by initiating a very large number of simultaneous communications. The result is that no individual connection is successful.

In order to generate the massive number of simultaneous connections required to bring a target down, attackers rely on bot networks, sometimes known as botnets or zombies. These are individual devices that are, to some extent, under the control of the attacker. They don’t necessarily need control of the whole system, just the ability to initiate a connection.

Any online server can be targeted by a DDoS attack, meaning that websites and online services can be targeted by DDoS attacks. However, there are a number of measures that the operators of these services can take in order to reduce the impact of DDoS attacks. Among these is the reverse proxy.

Proxy Servers

Before we get into what a reverse proxy server is, it is helpful to define what a regular proxy server is and what it is used for.

When you connect to the internet, whether it’s to a website or an online service like Netflix or Spotify, your device looks up the IP address of the server that is hosting the content you need and then connects to that address. This process, the DNS lookup, is akin to looking up the phone number of a business so you can call them.

When your device – the client – establishes a connection with a host server, there is an exchange of information. The details aren’t important, what matters is that you must reveal your IP address to any server you connect to, otherwise, the connection will fail.

When you connect to the internet via a proxy server, instead of directly connecting to the host and requesting the content you want, your device will connect to the proxy server and will tell the proxy server what it wants to request from the host. The proxy will then pass this request on, process the result, and send it back to the user. From the perspective of the user, this doesn’t take any more time than connecting normally does.

This means that the host server will see the IP address of the proxy server, not of the device connecting via the proxy.

What is a Reverse Proxy?

A proxy server handles connections from multiple clients and forwards their requests to host servers located around the world. A reverse proxy server does the opposite – it sits behind the firewall, connected to the internal network, and routes incoming client connections to the appropriate backend server.

To the client (the person connecting to the server), it makes no difference to their experience if there is a reverse proxy in place or not, just like it makes no difference if they are connected via a standard proxy or not.

How Reverse Proxies Protect Business Servers

A reverse proxy accomplishes a number of key objectives for businesses. With regards to DDoS attacks, a reverse proxy server can be used to distribute client connections evenly across all the available servers. This makes it much more difficult for a DDoS attack to succeed, requiring substantially more connections to achieve the same effect. Businesses can set their own load balancing and rerouting protocols for deciding how traffic is distributed across the available server capacity.

Reverse proxies can also be used to improve the speed of your inbound and outbound traffic by compressing data as it comes in or leaves your network. The server can also cache the most commonly requested content from within or outside your network so that it can be accessed much faster. Finally, you can offload the work involved in applying SSL encryption to your reverse proxy, freeing up processing power on your web servers.

A reverse proxy can help to prevent a DDoS attack from occurring in the first place by making it more difficult for a would-be attacker to discover your IP address. Just as a regular proxy acts as a buffer between a client and a host, a reverse proxy serves as a buffer between the host and the client. Were the client to probe a reverse proxy, they would discover the reverse proxy server address, not the address of the backend servers.

Adding this extra layer of protection between the wider internet and the key servers that host your most important applications and data reduces the chances of an attack that seeks to disrupt your service or to obtain sensitive data. The practical benefits to the speed of your connection due to caching, and the improved efficiency due to load balancing, are an added bonus.

A reverse proxy server provides a number of benefits for businesses looking for a simple way of improving the security of their backend systems. Not only will it improve your security, but a reverse proxy will also enable more efficient handling of incoming connections. Any business that is starting to grow and expand its IT infrastructure should seriously consider investing in a reverse proxy for their network.

When you compare the costs of getting a reverse proxy properly set up and configured, they pale in comparison to the potential costs of suffering a sustained DDoS attack. Don’t assume that it is only large and controversial businesses that attract the attention of cyber criminals – it is a problem that affects businesses across the board.

Categories: Tech