
Reverse proxy concept in HLD - System Design Guide

Problem Statement
When clients send requests directly to backend servers, those servers can be overwhelmed by traffic spikes, are exposed to security risks, and offer no single place to manage load or apply centralized controls. Without an intermediary, backend servers also reveal their internal structure, which increases the attack surface and complicates maintenance.
Solution
A reverse proxy sits between clients and backend servers, receiving all client requests first. It forwards requests to appropriate backend servers, handles load balancing, caches responses, and applies security rules. This setup hides backend details, distributes traffic evenly, and improves performance and security by centralizing control.
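The behaviour described above, as an added example that is not part of the original guide: an in-memory reverse proxy core in Python showing round-robin backend selection, response caching, and removal of headers that would reveal backend details. The backends, their addresses, the LEAKY header list and all class and function names are constructed for illustration, and the cache keys on the path only.

```python
import itertools

# Hop-by-hop headers apply to a single connection and are not forwarded.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "te", "trailer", "transfer-encoding", "upgrade"}
# Response headers that disclose backend software or addresses (assumed list).
LEAKY = {"server", "x-powered-by", "x-backend-host"}


class ReverseProxy:
    def __init__(self, backends):
        self.backends = backends                        # name -> callable(method, path, headers)
        self._next = itertools.cycle(sorted(backends))  # round-robin order
        self.cache = {}                                 # path -> cached response

    def upstream_headers(self, headers, client_ip):
        # Drop hop-by-hop headers and any client-supplied X-Forwarded-For:
        # at the edge only the socket peer address is trustworthy.
        drop = HOP_BY_HOP | {"x-forwarded-for"}
        out = {k: v for k, v in headers.items() if k.lower() not in drop}
        out["X-Forwarded-For"] = client_ip
        return out

    def handle(self, method, path, headers, client_ip):
        if method == "GET" and path in self.cache:
            return self.cache[path]                     # served without touching a backend
        backend = self.backends[next(self._next)]
        status, resp, body = backend(method, path, self.upstream_headers(headers, client_ip))
        clean = {k: v for k, v in resp.items() if k.lower() not in HOP_BY_HOP | LEAKY}
        response = (status, clean, body)
        # Cache only what the backend marks as shareable, so per-user data is never reused.
        cache_control = {k.lower(): v for k, v in resp.items()}.get("cache-control", "")
        if method == "GET" and status == 200 and "public" in cache_control:
            self.cache[path] = response
        return response


def make_backend(addr):
    # Constructed stand-in for a real server; addr is a made-up internal address.
    def backend(method, path, headers):
        cc = "public, max-age=60" if path.startswith("/static/") else "no-store"
        return 200, {"Server": "ExampleApp/1.0", "X-Backend-Host": addr,
                     "Cache-Control": cc}, f"{addr} {path}"
    return backend


if __name__ == "__main__":
    proxy = ReverseProxy({"b1": make_backend("10.0.0.1"), "b2": make_backend("10.0.0.2")})
    for path in ("/api/a", "/api/b", "/static/x", "/static/x"):
        print(proxy.handle("GET", path, {"X-Forwarded-For": "1.2.3.4"}, "203.0.113.7"))
```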
Architecture
[Diagram: Clients -> Reverse Proxy -> Backend 1]

This diagram shows clients sending requests to a reverse proxy, which then forwards them to one of multiple backend servers.

Trade-offs
✓ Pros
Improves security by hiding backend server details from clients.
Enables load balancing to distribute traffic evenly across servers.
Allows caching of responses to reduce backend load and improve latency.
Centralizes SSL termination and authentication for easier management.
✗ Cons
Introduces an additional network hop, potentially adding latency.
Becomes a single point of failure if not properly replicated.
Adds complexity to system architecture and deployment.
Use when you have multiple backend servers needing load distribution, want to improve security by hiding internal servers, or need centralized control for caching, SSL, or authentication.
Avoid when your system is very simple with a single backend server and low traffic, where the added complexity and latency of a reverse proxy outweigh benefits.
Real World Examples
Netflix
Uses reverse proxies to route user requests to appropriate streaming servers while hiding internal infrastructure and balancing load.
Amazon
Employs reverse proxies to manage traffic to backend services, enabling caching and SSL termination at the edge.
Uber
Uses reverse proxies to secure APIs and distribute requests among microservices efficiently.
Alternatives
Load Balancer
Focuses mainly on distributing traffic evenly without necessarily hiding backend details or providing caching and security features.
Use when: you only need simple traffic distribution without additional proxy features.
API Gateway
Acts as a reverse proxy but also provides API-specific features like request transformation, rate limiting, and authentication.
Use when: you need to manage APIs with complex routing and security policies.
Summary
Reverse proxies protect backend servers by acting as intermediaries for client requests.
They enable load balancing, caching, and centralized security controls.
They are best used in systems with multiple backend servers or complex traffic management needs.