Proxies

Every major system sits behind a proxy. Learn the difference between forward and reverse proxies, why the distinction matters, and how CDNs and API gateways are just specialised reverse proxies under the hood.

What you will learn

  • Distinguish forward proxy (client-side) from reverse proxy (server-side)
  • Understand what a reverse proxy enables: SSL termination, caching, compression, and centralised auth
  • Recognise CDNs, API gateways, and L7 load balancers as specialised reverse proxies
  • Know when to introduce a proxy layer in a system design

A proxy is an intermediary — a server that sits between two parties and forwards requests on their behalf. Instead of communicating directly, the parties interact through the proxy.

That simple idea underpins some of the most important capabilities in distributed systems: anonymity, caching, SSL termination, load distribution, and centralised access control. It also turns out that CDNs, API gateways, and Layer 7 load balancers are all just proxies with specific optimisations — which is why understanding the primitive matters.

There are two fundamentally different types, and confusing them is one of the most common mistakes in system design discussions.


A forward proxy sits in front of clients. It represents clients to the outside world.

When a client makes a request, it goes to the forward proxy first. The proxy forwards it to the destination server. The destination sees the proxy's IP address — not the client's.

Who it serves: clients What it hides: client identity from servers

Create a free account to read the full chapter — advanced chapters, progress tracking, and quizzes are free with sign-up.