How Reverse Proxies Actually Work Behind Websites

A reverse proxy accepts requests from clients on behalf of one or more backend servers. From the client's perspective, it's talking directly to the website. From the backend's perspective, all traffic arrives through the proxy.

What a reverse proxy does

• Terminates TLS: handles the SSL/TLS handshake so backends don't have to manage certificates individually.
• Load balancing: distributes requests across multiple backend instances.
• Caching: serves cached responses for repeated requests without hitting the origin.
• Request filtering: applies WAF rules, rate limits, and bot scoring before traffic reaches the application.
• Origin protection: hides the origin IP so attackers can't bypass the proxy and attack the server directly.

Reverse proxy vs forward proxy

A forward proxy sits in front of clients (a corporate proxy that routes employee traffic through a gateway). A reverse proxy sits in front of servers. The direction it faces determines the name: forward toward the internet, reverse toward the origin.

Karbon operates as a reverse proxy, sitting in front of your origin to filter, score, and log all inbound traffic before it reaches your application.