How does a reverse proxy server improve your security?

Question

I'm trying to learn about why reverse proxy servers are useful. I just read...

Security and anonymity – By intercepting requests headed for your backend servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your local area network. https://www.nginx.com/resources/glossary/reverse-proxy-server/

Why is it helpful that the identity of your backend servers are hidden? Couldn't one just still attack them through the reverse proxy server like how any normal client visiting the app would access them?

Answer 1

You can fine-tune the access restrictions for every request, apply rate-limiting and load-balancing so a possible attack may not bring down your whole infrastructure. Especially the load-balancing aspect is key. Additionally, the only server visible to the internet is the reverse proxy, so it's not a trivial task to map your entire server structure as it would be if you exposed them all.

A common use-case is setting the reverse proxy up as the SSL gateway so you can communicate via HTTP behind the firewall. Failover for non-responding servers is also possible. Adding additional servers to the setup is trivial this way.

Apart from this, the immediate benefit is a centralized setup that you don't have to replicate for all the servers behind the firewall. Also, a reverse proxy enables you to expose only HTTP/HTTPS port for one external IP address but have multiple services running with local IPs you can route wherever you want.

Please note that this question likely belongs on Server Fault since it's related to network and server infrastructure.