Forward Proxy

A forward proxy is a server that sits between a group of clients and the wider internet, making outbound requests on their behalf. Where a reverse proxy represents servers to incoming clients, a forward proxy represents clients to outside servers — it is the mirror image. The destination sees the proxy as the origin of the request, not the real client behind it.

What it does

A forward proxy can hide client IP addresses for privacy, enforce egress policy (allowing or blocking which sites a network may reach), cache frequently requested content to save bandwidth, and log or filter outbound traffic. Corporate and institutional networks use them to centralize control over what leaves the network; privacy-minded users use them to add a layer of separation between themselves and the services they contact. An anonymizing network like Tor is, in effect, a sophisticated multi-hop forward proxy.

Relevance to sovereignty

For a self-hosting operator, a forward proxy is a control point for everything your own machines reach outward — useful for routing a node's traffic through Tor, containing a device that should only talk to a whitelist, or inspecting what a piece of software phones home. Controlling egress is an underused complement to the inbound filtering of a firewall: even a compromised host is far less dangerous if it cannot freely reach the internet.

It is the conceptual counterpart to the reverse proxy and a building block of network egress control.