TL;DR
1. Forward Proxy
Acts on behalf of the client to access the internet.
- Anonymity: Hides the client’s IP address from the destination server.
- Security & Filtering: Blocks harmful sites and filters outgoing traffic.
- Caching: Stores responses locally to save bandwidth for the internal network.
- Logging: Monitors and records user activity within a private network.
2. Reverse Proxy
Acts on behalf of servers to manage incoming requests.
- Server Anonymity: Hides backend server details from the public.
- SSL Termination: Handles CPU-intensive decryption/encryption.
- Compression: Compresses responses (e.g., GZIP) to speed up delivery.
- Traffic Inspection: Scans for malicious code before it reaches the backend.
3. Load Balancer
A specialized reverse proxy focused on traffic distribution.
- Traffic Control: Distributes requests across multiple servers to prevent overload.
- Reliability: Ensures high availability by routing traffic away from failed servers.
- Optimization: Maximizes performance across the entire server fleet.
4. API Gateway
An API-aware proxy for managing microservices and web APIs.
- Auth: Centralizes authentication and authorization at the network edge.
- Rate Limiting: Prevents abuse by capping request volume per client.
- Transformation: Converts protocols (e.g., JSON to XML) or modifies headers.
- Versioning: Routes traffic to different service versions (v1 vs. v2).
- Monitoring: Tracks latency (P95) and usage analytics.
All of these sit between the client and the servers. Each has a different purpose and solves a different problem.
Before starting with reverse proxies, let's understand what a normal proxy (forward proxy) is.
Forward Proxy

A forward proxy is a proxy server that sits in front of clients (users) and acts as a middleman between a private network and the public internet.
Its primary role is to help clients reach servers while providing a layer of control, security, or anonymity.
Key functions and characteristics of forward proxies include:
Security and Filtering: A forward proxy acts as a "guard" for a private network
- It can filter outgoing traffic to block harmful websites or scripts before they reach a user's machine
- Administrators can also blacklist specific websites to prevent employees or users from visiting them
Anonymity: It can be used as a privacy service to mask a client’s IP address
- In this scenario, the destination server only interacts with the proxy, not the actual client
Caching for Performance: Forward proxies can cache (store) responses locally
- For example, if one person in an office watches a specific tutorial video, the proxy saves a copy; when other people in the same office want to watch it, the proxy serves the cached version instead of downloading it again from the internet, which saves bandwidth and reduces traffic
Activity Logging: They can be used to log user activity, allowing organizations to monitor which websites are being visited by people within the network
Virus Scanning: Beyond just blocking sites, a forward proxy can scan incoming responses for viruses and block malicious content before it enters the internal network
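The filtering and logging functions above come down to one decision per outgoing request. The sketch below is an added example, not code from the original post: the blocklist entries, client IP and function names are constructed for illustration. It matches a requested host against blocked domains on label boundaries, so subdomains of a blocked site are caught while look-alike names are not, and it records every decision.

```python
from urllib.parse import urlsplit

# Constructed blocklist for illustration; a real proxy loads this from policy.
BLOCKED_DOMAINS = {"malware.example", "ads.example.net"}


def normalize_host(target: str) -> str:
    """Extract the hostname from a URL or a CONNECT-style host:port target."""
    if "://" not in target:
        target = "//" + target              # lets urlsplit parse "host:443"
    try:
        host = urlsplit(target).hostname or ""
    except ValueError:                      # malformed target: treat as no host
        return ""
    return host.rstrip(".").lower()         # "Example.COM." names the same site


def is_blocked(host: str) -> bool:
    """True if the host or any parent domain is listed (label-boundary match)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def decide(client_ip: str, target: str, log: list) -> str:
    """Return ALLOW or DENY and append the decision to the activity log."""
    host = normalize_host(target)
    verdict = "DENY" if not host or is_blocked(host) else "ALLOW"
    log.append((client_ip, host, verdict))
    return verdict
```

A plain substring or `endswith` check would wrongly block `notmalware.example`, and skipping normalization would let `MALWARE.EXAMPLE.` through.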
Reverse Proxy
A reverse proxy is a proxy server that sits in front of one or more web servers, acting as an intermediary for incoming requests from clients.
Unlike a forward proxy, which protects the user, a reverse proxy protects and manages the servers.
When you visit a major website, you are typically communicating with a reverse proxy rather than the application server directly.
Key functions and benefits of a reverse proxy include:
Security and Anonymity: It acts as a shield, hiding the existence and characteristics of the origin servers
- Because the proxy is the only entry point, attackers only see the proxy's IP address, keeping the actual backend servers hidden from the public internet
SSL Termination: Handling HTTPS encryption is CPU-intensive
- A reverse proxy can manage SSL/TLS decryption for all incoming traffic, freeing up the backend servers to focus on their primary tasks
Caching: To speed up performance, a reverse proxy can store (cache) frequently requested content, such as images or videos
- If a thousand users request the same file, the proxy can serve it from its cache instead of reaching out to the backend every time
Compression: It can compress outbound responses (using methods like GZIP) before sending them over the network to the client, which saves bandwidth
Traffic Inspection: Because it handles the requests first, it can scan for security threats, hacking attempts, or malicious code before the traffic ever reaches the internal network
Load Balancer
A load balancer is a specialized type of reverse proxy whose primary mission is to distribute incoming network traffic across multiple backend servers.
It acts as a traffic controller to ensure that no single server is overwhelmed, which optimizes the performance and reliability of an application.
API Gateway
An API gateway is a specialized, API-aware reverse proxy that sits between clients and backend services to manage, secure, and monitor APIs. While it shares some capabilities with load balancers and standard reverse proxies—such as forwarding and distributing traffic—its primary purpose is to handle the "cross-cutting concerns" required when exposing APIs to the outside world.
Key functions of an API gateway include:
Authentication and Authorization: The gateway acts as a security checkpoint at the "edge" of the network. It validates tokens and checks permissions once, so that backend services do not have to duplicate this logic. Invalid or unauthorized requests are rejected before they ever reach the internal services.
Rate Limiting: To prevent backend systems from being overwhelmed by intentional abuse or programming bugs, the gateway enforces limits on how many requests a client can make (e.g., 100 requests per minute).
Request and Response Transformation: The gateway can translate between different protocols or formats. For example, it might convert a client's JSON request into the XML format required by a legacy backend service, or strip sensitive internal fields from a response before it is sent back to the user
API Versioning: It allows for smooth migrations by routing traffic to different versions of a service based on the URL (e.g., routing /v1/users to an old service and /v2/users to a new one).
Analytics and Monitoring: Because it sees all incoming traffic, the gateway can track which endpoints are most used, monitor latency (P95), and identify which clients are generating the most errors.
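The gateway functions above run as an ordered pipeline on each request: authenticate, rate limit, route by version, then scrub the response. The following is an added example, not code from the original post. The HMAC-signed token is a simplified stand-in for whatever token format a real gateway validates, and the key, upstream names and internal field names are assumptions.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

SECRET = b"constructed-demo-key"      # assumption: demo signing key
ROUTES = {"/v1/": "users-legacy:8080", "/v2/": "users-new:8080"}  # hypothetical upstreams
LIMIT, WINDOW = 100, 60.0             # 100 requests per minute, as in the text
INTERNAL_FIELDS = {"password_hash", "internal_id"}  # hypothetical sensitive fields
_hits = defaultdict(deque)            # client id -> timestamps of accepted requests

def _sign(client_id: str) -> str:
    return hmac.new(SECRET, client_id.encode(), hashlib.sha256).hexdigest()

def make_token(client_id: str) -> str:
    return f"{client_id}.{_sign(client_id)}"

def authenticate(token: str):
    """Return the client id if the token's signature verifies, else None."""
    client_id, _, sig = token.rpartition(".")
    ok = hmac.compare_digest(sig.encode(), _sign(client_id).encode())
    return client_id if client_id and ok else None

def allow(client_id: str, now: float) -> bool:
    """Sliding window: at most LIMIT accepted requests per WINDOW seconds."""
    q = _hits[client_id]
    while q and now - q[0] >= WINDOW:
        q.popleft()
    if len(q) >= LIMIT:
        return False
    q.append(now)
    return True

def handle(path: str, token: str, now: float = None):
    """Return (status, upstream); checks run in order auth, rate limit, routing."""
    now = time.monotonic() if now is None else now
    client_id = authenticate(token or "")
    if client_id is None:
        return 401, None              # rejected before reaching any backend
    if not allow(client_id, now):
        return 429, None
    for prefix, upstream in ROUTES.items():
        if path.startswith(prefix):
            return 200, upstream
    return 404, None

def scrub(response: dict) -> dict:
    """Strip internal fields from a backend response before returning it."""
    return {k: v for k, v in response.items() if k not in INTERNAL_FIELDS}
```

Authenticating before rate limiting lets the limit be keyed on a verified client id instead of a value the caller can choose freely.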

