Hi All,

I am just visualizing how a reverse proxy works.
Squid, a open source tool can be configured to work
as a reverse proxy.

Actually a reverse proxy lies inbetween the Internet and the Web server. When a request from a client comes in , the request first goes to the proxy server. The proxy server will look in its cache for the requested page,if it is there in the cache, it will send the requested page to the client or it will forward the request to the original web server.
In such a scenario, the proxy server listens at port 80 and the web server listens at some other port other than normal port 80.The squid is also configured in such a way that request for dynamic contents are forwarded to the original web server.


My confusing is regarding the how the web browsers will know that it has to first contact the proxy server instead of the web server.
One way that can be done which I am thinking is, when I get a registered ip address for my web server , instead of assigning the ip address to the web server , I will assign it to the proxy server. The proxy server is configured in such that any request that comes to it , it will forward it to the web server if the request is not available in its own cache . In that case , the web server will
have a private ip address.
The advantage with reverse proxy is that security of my web server is increased because it is not visible in the internet and also the load on the web server is reduced because the static web pages are served by the proxy server.

Is my understanding is correct. If any guys have implemented reverse proxy , please let me know whether the fact that the DNS will resolve for proxy server instead of web server is correct or not as I mentioned above .

Pretty much correct…

Is there a question here?

well yes that's exactly it. what you're much more likely to do is say that your firewall is facing the internet. any hits on the firewalls ip address for port 80 will be forwarded to the squid server. that then just uses it's own largely default caching logic to know whether to send the request on to the destination or not, just like any other caching operation. well, nearly just the same, only difference is that the squid box will recieve standard http requests not http-proxy requests, but other than that exactly the same rules apply. also you can look at using squid as a fornt end to a number of seperate boxes, either identical clones or not, to allow a more resilient architecture.

you're wrong to really be asking about a DNS entry or anything, not really relevant. if www.domain.com resolves to a box that runs squid on port 80, what else do you think is going to happen? but as above you would have these boxes on a private LAN with a decent firewall having the actual internet ip addresses.

Okay, I understand that. What I can't figure out is how to allow other traffic from the internet go through squid to a server.
In other words I want to use squid as a reverse proxy for tcp traffic other than http.
How are those acls and rules set up?