Two proxies, two purposes
A proxy is a middlebox that relays requests on behalf of someone. The direction it faces decides what it is.
A forward proxy sits in front of clients. The client knows it is using a proxy, and the proxy reaches out to arbitrary servers. It is used for outbound control: caching, content filtering, and hiding the client identity from the destination.
A reverse proxy sits in front of servers. The client thinks it is talking to the real service, but the proxy fronts a pool of backends. It is used for inbound concerns: load balancing, TLS termination, caching, and shielding origin servers.
What changes between them
- A forward proxy is configured by the client and serves many destinations.
- A reverse proxy is deployed by the service owner and fronts a fixed set of origins.
- Both terminate one connection and open another, so both can inspect and rewrite traffic.
The same software can often play either role. The deployment position, not the binary, defines the pattern.
Key idea
A forward proxy fronts clients for outbound control, while a reverse proxy fronts servers for inbound load balancing and protection.