Who needs a reverse proxy solution, such as Cloudflare?
- Multinational organizations that do business worldwide but have a server or servers in a single country.
- Organizations with frequent surges in traffic, perhaps due to specific events or campaigns. They want their websites and apps to serve site visitors quickly and consistently through the surges.
- An organization with controversial content likely to attract malicious online attacks.
WHAT IS A REVERSE PROXY? HOW DOES A REVERSE PROXY WORK?
A reverse proxy is a wall between your end users and your web server. Any request coming from your end users goes to the reverse proxy, which in turn makes a request to your web server, if needed, and sends the result to the end user.
Everything filters through the reverse proxy. The end user never directly touches your server.
Services such as Cloudflare go further. Cloudflare’s global infrastructure of “edge nodes” (currently around 200 data centers in 90 countries), rather than a single server, responds to requests. And that entire infrastructure can transform requests between end users and your web server in ways that can improve performance, security, and availability.
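"The end user never directly touches your server" holds only if the origin refuses connections that do not arrive through the proxy. An origin-side check, as an added example (not from the original post): the proxy ranges are constructed documentation addresses, and the `X-Forwarded-For` header name and the function names are assumptions.

```python
import ipaddress

# Constructed placeholder ranges (documentation address space), not real
# proxy ranges. In practice, load the list your proxy provider publishes.
TRUSTED_PROXY_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8:100::/48"),
]
FORWARD_HEADER = "x-forwarded-for"  # assumption: the header the proxy sets


def is_trusted_proxy(ip_text):
    """True if the address parses and falls inside a trusted proxy range."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXY_RANGES)


def resolve_client(peer_ip, headers):
    """Return (allowed, client_ip) for a request arriving at the origin."""
    # A peer outside the proxy ranges reached the origin directly: refuse it
    # and ignore any forwarding header it sent, since the client controls it.
    if not is_trusted_proxy(peer_ip):
        return (False, peer_ip)
    lowered = {k.lower(): v for k, v in headers.items()}
    chain = [h.strip() for h in lowered.get(FORWARD_HEADER, "").split(",")]
    chain = [h for h in chain if h]
    # Walk right to left: entries appended by trusted proxies are skipped,
    # and the first untrusted address is the client as the proxy saw it.
    for hop in reversed(chain):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return (False, peer_ip)  # malformed header: fail closed
        if not is_trusted_proxy(hop):
            return (True, hop)
    return (True, peer_ip)  # no usable header: fall back to the peer
```

The same allow-list belongs in the origin's firewall as well, so that direct connections are dropped before they reach the application.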
The significant benefits of reverse proxies come with risks and overhead. Certain types of scenarios lend themselves well to reverse proxy use. But some sites may not see as much of a benefit, as I found when I experimented with Cloudflare, the biggest player in the reverse proxy market.
BENEFITS OF USING REVERSE PROXIES
- Improved performance – Reverse proxies, like CDNs, have global networks of edge nodes. Regardless of the physical location of your web server, edge nodes are close to your end users. This proximity keeps latency down. The nodes also cache content from your site, which reduces the number of requests your web server must handle. Cloudflare can also compress content and images to shorten load time.
- Greater up-time – Because reverse proxies cache data from your site, they can keep your site – or key portions of it – online even if your web server goes down. It’s true that routing all traffic through a reverse proxy adds a potential failure point to your website. But Cloudflare built a massive infrastructure and dedicated significant resources to keeping everything up and running. At any given moment, thousands of engineers around the world are working to keep every Cloudflare site online. Who’s tending to your web server at 3 a.m. Sunday?
- Increased security – Think of Cloudflare as the bouncer at your bar. It monitors incoming requests and rejects suspicious ones. The global infrastructure makes Cloudflare a formidable defense against distributed denial of service (DDoS) attacks. This common type of attack takes sites offline by inundating them with far more traffic than they can handle. Cloudflare can also manage HTTPS for your site. It automates certificate management and redirection of HTTP requests to HTTPS. And it can serve as a web application firewall, by rejecting requests that appear to be probing for common web application vulnerabilities.
WHEN A REVERSE PROXY SOLUTION MAY NOT BE SUITABLE
- If you update your website content frequently, caching of content might prevent users from accessing new content immediately after you publish it. Certain mechanisms can clear the cache automatically (much like a nav refresh in Titan CMS), but those mechanisms add another step to publishing content.
- Intranets, extranets, and sites where users regularly log in have less to gain from a reverse proxy. One of the key values of a reverse proxy is its ability to cache content – and when content is tailored to a specific user, services like Cloudflare don’t bother caching it.
- Companies in heavily regulated industries, such as healthcare, finance, and government, may not be good candidates. Because content is distributed across physical servers spread across the globe, an organization may be subject to additional regulatory jurisdictions.
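The caching points above (fresh content delayed until the cache expires, and user-specific content not being cached) both come down to the response headers the origin sends. The following added example, which is not from the original post and is not Cloudflare's actual policy, applies a simplified subset of standard HTTP shared-cache rules; the function names and the conservative `Set-Cookie` rule are assumptions.

```python
def parse_cache_control(value):
    """Parse a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def shared_cache_ttl(method, request_headers, status, response_headers):
    """Seconds a shared cache may reuse this response; 0 means do not store."""
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control", ""))

    if method != "GET" or status != 200:
        return 0  # simplification: only plain successful GETs are considered
    if "no-store" in cc or "private" in cc or "no-cache" in cc:
        return 0  # origin marked the response as per-user or not reusable
    if "set-cookie" in resp:
        return 0  # conservative: never share a response that sets a cookie
    if "authorization" in req and not ("public" in cc or "s-maxage" in cc):
        return 0  # authenticated request without explicit permission to share
    # s-maxage applies to shared caches and takes priority over max-age.
    raw = cc.get("s-maxage") or cc.get("max-age")
    if raw is None or not raw.isdigit():
        return 0  # no explicit lifetime: this sketch does not guess one
    return int(raw)  # visitors may see the old copy for up to this long
```

The returned lifetime is also the longest a newly published change can stay hidden behind the cache unless the cached copy is purged.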
NORTHWOODS VS. SOUTHWOODS: A CLOUDFLARE EXPERIMENT
I experimented with Cloudflare on Northwoodsoft.com, the main website for Northwoods. I duplicated the Northwoods site to create its nemesis, Southwoods. (We really dislike those guys.) The mirror sites allowed me to compare performance on the exact same site on the same server with and without Cloudflare. The two sites were identical in every way, except that I put Cloudflare in front of the Southwoods site.
Fig. 1 – Northwoods Website
Fig. 2 – Southwoods Website
I used the free version of Cloudflare for my experiment. This version offers basic services, such as caching and access to the global network of edge nodes. (Modest plan costs make Cloudflare affordable for small and large companies alike.)
I ran an initial round of tests from my workstation at the Northwoods office. But to really test Cloudflare’s global network, I wanted to hit the Southwoods site (via Cloudflare) from the other side of the world. Sadly, the higher-ups turned down my request to fund a ~~vacation~~ business trip to a nice South Pacific island to test this out. Instead, I spun up a virtual machine in an Azure data center in Singapore and ran tests from there. I earned no frequent flyer miles, but I could effectively test performance from the other side of the world.
The Southwoods site outperformed the Northwoods site in several metrics, according to reports generated through Google’s Lighthouse.
- Overall increased performance. The Lighthouse performance metrics generally ran 10-20 points higher over Cloudflare. The more content/assets Cloudflare could cache for a page, the better the performance tended to be. For overall performance, the Southwoods site came out ahead. Boo Southwoods.
- Client location didn’t significantly impact performance. Southwoods performance changed little whether I hit its site from Wisconsin or Singapore. No surprise there. More surprising: The same test got the same result at the Northwoods site; even without Cloudflare, the Northwoods site got a similar score when run from Wisconsin or from Singapore. I’m not sure if the Lighthouse test filters out that initial request latency, or if some magic at Azure (which hosts the Northwoods site) minimizes that latency.
- Cloudflare requires initial leg work and tweaking. We had to fine-tune some of the caching that Titan CMS performs to optimize it to work with Cloudflare. (Our Southwoods friends had to come in on a weekend to perfect things. We weren’t too sad about that.) Cloudflare worked just fine out of the box, but you may get more out of it if you take the time to optimize your CMS to work with it.
So the differences were small. But Cloudflare did yield increases in some key performance metrics. And small improvements can matter to organizations looking for that slight lift in speed or some other site performance indicator.
Consider your site and your situation when contemplating a reverse proxy such as Cloudflare. Website hosting is certainly more complex today than it was 10 or 15 years ago. Since your server is no longer your entire hosting infrastructure, it makes sense to carefully weigh the pros and cons of a reverse proxy.
Cloudflare could be a great option to help boost your overall website or app performance – by a lot or by just enough to outperform competitors. It can improve site availability in a cost-effective manner, and it can counter potential online attacks or malicious traffic.
We can help you decide whether Cloudflare is right for you; give us a call. We have more than 20 years of experience in website hosting and performance optimization, and we can help you make the right choice for your organization.
* Northwoods does not have a partnership with Cloudflare and is not receiving any monetary or other type of compensation as a result of this blog post. *