A reverse proxy is a special deployment case of a proxy server. In a reverse proxy, the reverse proxy server can be located in the following locations:

A reverse proxy deployment allows you to expose specific content provided by a web server without actually exposing the web server to the client.

In a reverse proxy, the proxy server functions like a web server with respect to the clients it services. Unlike internal clients, external clients are not reconfigured to access the proxy server. Instead, the site URL routes the client to the proxy as if it were a web server. Replicated content is delivered from the proxy cache to the external client without exposing the original server or the private network residing safely behind the firewall.

The following diagram displays some of the basic components of a reverse proxy configuration. In this diagram, the proxy server is between two firewalls:

This type of configuration is a basic configuration. The area between the two firewalls is known as a demilitarized zone (DMZ). If someone takes control of the proxy server, the person does not have control of the application server nor does the person know the location of the application server. Notice the firewall between the client systems and the proxy server, and between the proxy server and the web server. This second firewall makes this is a very secure environment.