In a client-server computing environment, an end user of a client computing device may initiate a request for a service provided by another computing device acting as a target server. For example, an end user may use a web browser client on a PC to request a web page. The web page may be stored on a web server and delivered to the PC in response to the request. The web browser may then render the received response on the PC for the end user.
In the client-server computing environment described above, the request from the client contains addresses associated with the client and the target server. Likewise, the response contains addresses associated with the client and the target server. In this way, the target server knows where the request came from, and the client knows where the response came from. If the target server becomes compromised by an attacker, however, the attacker may be able to acquire the client's address and direct an attack at the client. In a similar fashion, when the target server's address is publicly known, the target server becomes much more susceptible to attack.
A typical proxy server provides enhanced security to clients in a client-server environment by hiding the clients' real addresses behind the address of the proxy server. The proxy server receives requests from the clients for services provided by target servers. The proxy server then relays the requests on behalf of the clients to the corresponding target server as if the requests originated from the proxy server, by replacing each client address with the address of the proxy server. In this way, the requests appear to be from the proxy server, and the corresponding target server is unaware of the individual clients. This allows the clients some protection from attacks originating from the target servers or other sources outside of the proxy server's internal network.
In a similar fashion, a reverse proxy provides protection to one or more target servers by receiving requests from clients on behalf of the target servers. Clients send their requests to the address of the reverse proxy server, which in turn replaces the address of the reverse proxy server with the address of the corresponding target server and relays the request to the corresponding target server. As such, individual addresses of the target servers are not publicly known, and the target servers are better protected.
Hence, proxy servers provide protection for clients and reverse proxy servers provide protection for target servers by obscuring the existence of the clients and target servers, respectively. An attacker is unable to attack an unknown victim (client or target server). Proxy servers and reverse proxy servers, however, are vulnerable to attack and, once compromised, may be used by an attacker to reach the clients and target servers that were once obscured. This is possible because typical proxy servers and reverse proxy servers may originate a request to a client or target server, respectively, without receiving a corresponding request from an outside source.
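The weakness described above can be observed from the defender's side as a proxy-originated flow toward a protected host with no corresponding inbound request. The following Python sketch is an added example, not part of the original text; the addresses, the flow-record layout, the 5-second window and the rule that one inbound request justifies one relayed request are all assumptions chosen for illustration.

```python
from collections import deque

# Constructed sample flow records: (time in seconds, source, destination).
# All addresses are documentation-range placeholders, not values from the page.
PROXY = "192.0.2.10"
TARGETS = {"10.0.0.21", "10.0.0.22"}
SAMPLE_FLOWS = [
    (100.0, "198.51.100.7", PROXY),   # outside request arrives at the reverse proxy
    (100.2, PROXY, "10.0.0.21"),      # relayed to a target: matches the inbound
    (130.0, "198.51.100.9", PROXY),
    (130.1, PROXY, "10.0.0.22"),
    (130.3, PROXY, "10.0.0.22"),      # second relay without a second inbound
    (400.0, PROXY, "10.0.0.21"),      # no inbound request anywhere near this one
]


def unsolicited_relays(flows, proxy, protected, window=5.0):
    """Return proxy-originated flows to protected hosts that are not preceded,
    within `window` seconds, by an unmatched inbound request to the proxy.

    `protected` is the set of hosts hidden behind the proxy: target servers
    for a reverse proxy, or clients for a forward proxy.
    """
    pending = deque()   # arrival times of inbound requests not yet matched
    flagged = []
    for ts, src, dst in sorted(flows):
        # Inbound requests older than the window can no longer justify a relay.
        while pending and ts - pending[0] > window:
            pending.popleft()
        if dst == proxy and src not in protected:
            pending.append(ts)
        elif src == proxy and dst in protected:
            if pending:
                pending.popleft()      # assumption: one inbound, one relay
            else:
                flagged.append((ts, src, dst))
    return flagged


if __name__ == "__main__":
    for ts, src, dst in unsolicited_relays(SAMPLE_FLOWS, PROXY, TARGETS):
        print(f"t={ts}: {src} -> {dst} has no corresponding inbound request")
```

A real deployment that pools connections, retries, or sends health checks to the protected hosts would need those flows excluded before this rule is applied.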