Understand the difference between forward proxy and reverse proxy

The concept of forward agent

Forward agent is the legendary agent. His working principle is like a springboard.
Simply put,
I am a user, I cannot access a certain website, but I can access a proxy server
As for this proxy server, he can access the website that I cannot access
So I connected to the proxy server first and told him that I needed The content of the website that cannot be accessed
The proxy server retrieves it and then returns it to me

From the perspective of the website, there is only one record when the proxy server comes to retrieve the content
Sometimes I don’t know It is the user's request and also hides the user's information. It depends on whether the proxy tells the website.

The conclusion is that the forward proxy is a server between the client and the origin server. , in order to obtain content from the original server, the client sends a request to the proxy and specifies the target (original server), and then the proxy forwards the request to the original server and returns the obtained content to the client. The client must make some special settings to use the forward proxy.
Enable Apache proxy module

a2enmod proxy
a2enmod proxy_http

Configuring the forward proxy is very simple, you just need to add your browser's Proxy option The vHost host configured by Apache can1.1 Apache configuration httpd-vhosts.conf (take Windows as an example)

367e5423ee61f30ef297d66282a28f6f
    ServerAdmin prograsliu@gmail.com
    DocumentRoot "D:/www/test"
    ServerName www.test.com
    ServerAlias test.com
    ErrorLog "logs/test.com-error.log"
    CustomLog "logs/test.com-access.log" common    
    Alias /sublook "D:/www/test/look/sublook/"
    18d4f33c18dc818d2362eebe2c1a9e11
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    bb15ed4aadeed04b3991578461de0768
    
    #正向代理设置
    ProxyRequests On
    ProxyVia On
    7d9fcec3554cc595fd40d709276976ea
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    248646610573c6b250290f263ba4c0b4
ee672f0beb03b42be69279368a66a410

Now look at the forward proxy Set that section
ProxyRequests On: Turn on the Apache forward proxy
ProxyVia On: Control the flow of proxy requests located in the proxy server chain
Quote the explanation of ProxyVia in the official Apache2.2 document as follows:
1. If set to the default value Off, no special treatment will be taken. If a request or response contains a "Via:" header, it will be passed through without any modification.
2. If set to On, each request and response will get a "Via:" header corresponding to the current host.
3. If set to Full, the version of the Apache server will be added to each generated "Via:" header, appearing in the "Via:" annotation field.
4. If set to Block, all "Via:" header lines in each proxy request will be deleted. And no new "Via:" header will be generated.
6ee15aaa635d127fa1757e7ffe9b4b24...248646610573c6b250290f263ba4c0b4: Used to control who can access your proxy

7d9fcec3554cc595fd40d709276976ea
     Order deny,allow
    Deny from all
     Allow from 127.0.0.1
248646610573c6b250290f263ba4c0b4

Set here so that the local machine can use the proxy. When you actually use it, you can use it yourself. Set
1.2 Browser settings (take FireFox as an example)

##1.3 Access effect
Visit www.sina.com and observe the HTTP request Response:


You can see that Via: www.test.com, the forward proxy is successful.

The concept of reverse proxy

Continue with the example:

The user accesses http://test.me/readme
but test. The readme page does not exist on me
He secretly retrieved it from another server, and then spat it out to the user as his own content

But the user did not know it

What is mentioned here The server corresponding to the domain name test.me has been set up with a reverse proxy function

结论就是 反向代理正好相反，对于客户端而言它就像是原始服务器，并且客户端不需要进行任何特别的设置。客户端向反向代理 的命名空间(name-space)中的内容发送普通请求，接着反向代理将判断向何处(原始服务器)转交请求，并将获得的内容返回给客户端，就像这些内容 原本就是它自己的一样。

2.1 Apache设置

<VirtualHost *:80>
     ServerAdmin prograsliu@gmail.com
     DocumentRoot "D:/www/test"
     ServerName www.test.com
     ServerAlias test.com
     ErrorLog "logs/test.com-error.log"
     CustomLog "logs/test.com-access.log" common    
     Alias /sublook "D:/www/test/look/sublook/"
     <Directory "D:/www/test">
         Options FollowSymLinks
         AllowOverride All
         Order allow,deny
         Allow from all
     </Directory>
     
     #反向代理设置
     ProxyPass /proxy http://www.proxypass.com/proxy
     ProxyPassReverse /proxy http://www.proxypass.com/proxy
 
 </VirtualHost>
 
 <VirtualHost *:80>
     ServerAdmin prograsliu@gmail.com
     DocumentRoot "D:/www/proxypass"
     ServerName www.proxypass.com
     ServerAlias proxypass.com
     <Directory "D:/www/proxypass">
         Options FollowSymLinks
         AllowOverride All
         Order allow,deny
         Allow from all
     </Directory>
 </VirtualHost>

现在看反向代理设置那一段
ProxyPass /proxy http://www.proxypass.com/proxy : 将 www.test.com/proxy 域下的所有请求转发给 www.proxypass.com/proxy 代理，例如 www.test.com/proxy/login.php 会交给 www.proxypass.com/proxy/login.php 代理
ProxyPassReverse /proxy http://www.proxypass.com/proxy ：
www.proxypass.com/proxy/login.php 中有如下代码：

<?php
    header(&#39;Location: http://www.proxypass.com/proxy/result.php&#39;);
?>

那么在重定向的时候，Apache会将HTTP请求重新设为 http://www.test.com/proxy/result.php， 这样的作用稍后讲解
www.proxypass.com/proxy/result.php 中有如下代码：

<?php
    echo &#39;in proxypass.com <br>&#39;;
?>

2.2 浏览器访问效果
访问 www.test.com/proxy/login.php
Apache将请求交给 www.proxypass.com/proxy/login.php 代理，HTTP请求如图：

可以发现其实Request中的请求还是 www.test.com 的，但是它确实是由 www.proxypass.com 来处理的
proxypass.com/proxy/login.php 重定向到 proxypass.com/proxy/result.php
页面显示 in proxypass.com
HTTP请求如图：


也可以看到请求依然是 www.test.com/proxy/result.php

这里就是 ProxyPassReverse 发挥作用的地方，如果不加这个项，重定向后HTTP请求会如下图：


可以发现请求中的GET是 www.proxypass.com 而不是 www.test.com ，这是因为配置了ProxyPassReverse后，proxypass.com/proxy/login.php 在重定向到 proxypass.com/proxy/result.php 时，Apache会将它调整回 test.com/proxy/result.php , 然后Apache再将 test.com/proxy/result.php 代理给 proxypass.com/proxy/result.php，所以说配置了 ProxyPassReverse 后，即使 proxypass.com/proxy 下的程序有重定向到其他 proxypss.com/proxy 的文件的（如 login.php 重定向到 result.php），你也不会在请求中发现 proxypass.com 的影子。

两者区别

从用途上来讲：

正向代理的典型用途是为在防火墙内的局域网客户端提供访问Internet的途径。
正向代理还可以使用缓冲特性减少网络使用率。
反向代理的典型用途是将防火墙后面的服务器提供给Internet用户访问。
反向代理还可以为后端的多台服务器提供负载平衡，或为后端较慢的服务器提供缓冲服务。

另外，反向代理还可以启用高级URL策略和管理技术，从而使处于不同web服务器系统的web页面同时存在于同一个URL空间下。

In terms of security:

The forward proxy allows the client to access any website through it and hide the client itself, so you must take security measures to ensure that only authorized The client provides services.

Reverse proxies are transparent to the outside world, and visitors do not know that they are visiting a proxy.

This article explains the difference between forward proxy and reverse proxy. For more related content, please pay attention to php Chinese website.

Related recommendations:

How to use Apache to build a virtual host

How to start and monitor the sh memcached process

Introducing the relevant content of automatically logging in to Google Play to download app report

The above is the detailed content of Understand the difference between forward proxy and reverse proxy. For more information, please follow other related articles on the PHP Chinese website!