Glossary · 3 min read

What Is a Reverse Proxy?

Learn how reverse proxies work, the difference between forward and reverse proxies, and common use cases including load balancing, SSL termination, and caching.

What Is a Reverse Proxy?

A reverse proxy is a server that sits in front of one or more backend servers and forwards client requests to them. Unlike a forward proxy (which acts on behalf of clients), a reverse proxy acts on behalf of servers. Clients connect to the reverse proxy, which then retrieves the response from the appropriate backend and returns it to the client.

Forward Proxy vs. Reverse Proxy

  • Forward proxy. Sits between clients and the internet. Clients configure their applications to route traffic through the proxy. Used for content filtering, anonymity, and caching. The server does not know the client's real IP.
  • Reverse proxy. Sits between the internet and backend servers. Clients connect to the proxy's public IP, unaware of the backend architecture. The backend servers do not need public IP addresses.

Common Use Cases

Load Balancing

A reverse proxy distributes incoming requests across multiple backend servers, preventing any single server from becoming a bottleneck. Load balancing algorithms include round-robin, least connections, IP hash, and weighted distribution. This is critical for high-traffic web applications and email gateways.

SSL/TLS Termination

The reverse proxy handles TLS encryption and decryption, offloading this CPU-intensive work from backend servers. The proxy holds the TLS certificate and communicates with backends over plain HTTP (or an internal encrypted channel). This simplifies certificate management since only the proxy needs a certificate.

Caching

Reverse proxies cache static content (images, CSS, JavaScript) and sometimes dynamic responses, reducing load on backend servers and improving response times for clients. Cache headers (Cache-Control, ETag) control what gets cached and for how long.

Security and DDoS Protection

By concealing backend server IPs and acting as a single entry point, reverse proxies reduce the attack surface. They can filter malicious requests, enforce rate limiting, and absorb volumetric DDoS attacks before traffic reaches your infrastructure.

URL Routing and Rewriting

Reverse proxies can route requests to different backends based on URL path, hostname, headers, or other criteria. This enables microservice architectures where different paths (e.g., /api, /app, /static) are served by different backend services.

Common Reverse Proxy Software

  • Nginx. The most widely used reverse proxy and web server. Handles load balancing, SSL termination, caching, and HTTP/2 with minimal configuration.
  • HAProxy. Purpose-built for high-performance load balancing and proxying. Commonly used for TCP and HTTP traffic in large-scale deployments.
  • Caddy. Modern web server with automatic HTTPS (via Let's Encrypt) built in. Simple configuration for reverse proxy use cases.
  • Cloudflare. A cloud-based reverse proxy that provides CDN, DDoS protection, SSL termination, and DNS. Operates as an anycast network in front of your origin server.
  • Traefik. Designed for containerized and microservice environments. Integrates with Docker and Kubernetes for automatic service discovery.

Reverse Proxies and Email Infrastructure

While reverse proxies are primarily associated with HTTP traffic, similar concepts apply to email. SMTP proxies and load balancers distribute inbound email across multiple mail servers, and TLS termination at the proxy layer simplifies certificate management for mail services.

Ensure that your DNS records correctly point to your proxy's public IP, not your backend servers. Use our DNS lookup tool to verify your A records, and check that MX records point to the correct hostnames for your mail infrastructure.

Stay on top of your email infrastructure. Sign up for the InboxTooling newsletter for deliverability tips, tool updates, and best practices.

More glossary terms

DNS Ports Explained

Understand which network ports DNS uses, including port 53 for standard queries, port 443 for DNS over HTTPS, and port 853 for DNS over TLS.

DNS Record Types: A Complete Reference Guide

A technical reference for all major DNS record types including A, AAAA, MX, CNAME, TXT, NS, SOA, PTR, SRV, and CAA. Includes example values and use cases.

How Do IP Addresses Work?

Understand how IP addresses work, including IPv4 vs IPv6 formats, public vs private addresses, static vs dynamic assignment, NAT, and CIDR notation.

SMTP Ports Explained: 25, 465, 587, and 2525

Understand the four SMTP ports, when to use each one, the difference between STARTTLS and implicit TLS, and why ISPs block port 25.

What Is DKIM (DomainKeys Identified Mail)?

Learn how DKIM uses cryptographic signatures to authenticate email, including selector records, public/private key pairs, and the verification process per RFC 6376.

What Is DMARC?

Understand DMARC, how it builds on SPF and DKIM with alignment checks, policy options (none, quarantine, reject), and aggregate vs forensic reporting per RFC 7489.

What Is DNS (Domain Name System)?

Learn how the Domain Name System works, including recursive and iterative queries, root servers, caching, and TTL values. A technical overview referencing RFC 1035.

What Is Secure DNS (DoH and DoT)?

Learn about secure DNS protocols including DNS over HTTPS, DNS over TLS, and DNSSEC. Understand why standard DNS is insecure and how to protect your queries.

What Is a Domain Name?

Learn what a domain name is, how domains map to IP addresses via DNS, the difference between TLD types, and how subdomains, URLs, and hostnames relate.

What Is a Gateway IP Address?

Learn what a gateway IP address is, how default gateways route traffic between networks, and how to find your gateway address on any operating system.

What Is a Reverse Lookup?

Understand reverse lookups including reverse DNS (PTR records), reverse IP lookups, and reverse email lookups. Learn how each works, common use cases, and limitations.

What Is an Email Bounce?

Understand email bounces, the difference between hard and soft bounces, common SMTP error codes, and how bounces affect sender reputation.

What Is an Email Domain Name?

Learn what an email domain is, how the @domain.com part of email addresses works with MX records to route messages, and the difference between free and custom email domains.

What Is an SMTP Server?

Learn how SMTP servers work, the difference between MTA, MSA, and MDA, and how email is delivered hop by hop using the SMTP protocol defined in RFC 5321.

What Is an SPF Record?

Understand SPF records, how they authorize email senders, the TXT record format, and how receivers evaluate SPF results including pass, fail, and softfail.

What Is an SSL Certificate?

Learn how SSL/TLS certificates encrypt internet traffic, how the chain of trust works, the difference between DV, OV, and EV certificates, and why TLS replaced SSL.