What is the difference between a forward proxy and a reverse proxy?
Same middleman role, opposite side: a forward proxy sits in front of clients and represents them to the internet; a reverse proxy sits in front of servers and represents them to clients.
* Same middleman, opposite side: the forward proxy fronts the clients, the reverse proxy fronts the servers. *
Both are intermediaries that terminate one connection and open another — but they protect opposite ends of the conversation.
| Forward proxy | Reverse proxy | |
|---|---|---|
| Sits in front of | Clients (internal users) | Servers (backends) |
| Hides | The client from the server | The server(s) from the client |
| Who runs it | The client's network/org | The service owner |
| Typical jobs | Egress filtering, content control, caching, anonymity | Load balancing, TLS termination, WAF, SSO, single entry point |
Concrete picture:
- A forward proxy is what a corporate network routes outbound employee web traffic through — to filter, monitor, and cache what users reach on the internet.
- A reverse proxy is what users unknowingly hit first when they visit a website — it accepts inbound traffic and dispatches it to the right backend.
Why it matters for security: The reverse proxy is where you concentrate inbound defenses (WAF, rate limiting, auth) in front of your apps; the forward proxy is where you enforce outbound policy and can spot data exfiltration or malware callbacks.
Go deeper:
Wikipedia — Proxy server — forward vs reverse (and open) proxies, with diagrams of each direction.