Secure reverse proxying occurs when one or more of the connections between the proxy server and another machine uses the Secure Sockets Layer (SSL) protocol to encrypt data.
Secure reverse proxying has many uses:
It can provide an encrypted connection from a proxy server outside a firewall to a secure content server inside the firewall.
It can allow clients to connect securely to the proxy server, facilitating the secure transmission of information (such as credit card numbers).
Secure reverse proxying causes each secure connection to be slower due to the overhead involved in encrypting your data. However, because SSL provides a caching mechanism, two connecting parties can reuse previously negotiated security parameters, dramatically reducing the overhead on subsequent connections.
There are three ways to configure a secure reverse proxy:
Secure client to proxy. This scenario is effective if there is little or no chance that the information being exchanged between your proxy and content server can be accessed by unauthorized users (see Secure Reverse Proxying).
Secure proxy to content server. This scenario is effective if you have clients inside the firewall and a content server that is outside the firewall. In this scenario, your proxy server can act as a secure channel between sites (see Secure Reverse Proxying
Secure client to proxy and secure proxy to content server. This scenario is effective if the information exchanged between the server, proxy and client needs to be secure. In this scenario, your proxy server can act like a secure channel between sites with the additional security of client authentication (see Secure Reverse Proxying).
For information on how to set up each of these configurations, see Setting up a Reverse Proxy.
In addition to SSL, the proxy can use client authentication, which requires that a computer making a request to the proxy provides a certificate (or form of identification) to verify its identity.