Reverse proxying is typically used for caching of data. to speed up web request. but can also be used to allow multiple vhosts run on one IP even though the back'end http server does not support vhost in the headers, it can also be used for LoadBalancing.
Eg. you can trigger all inncoming request that has
www.linuxforums.com in the header to go to a particular host. and if you connect with
www.kernel.org in the header you are connected to a different backend host. even though they are located on different servers. (Kinda like NAT only in layer 6/7).
Client
|
Reverse Proxy server
| |
| |
Host1 Host2(optional)
The biggest issue with keeping the actual backend server anonymous is keeping the server from leaking information. e.g: making the origin server call back to the client directly.
Also, make sure that you keep
UTC timezone, sync the clock on the server to a generic (non local) NTP server. (otherwise you could leak out location based of that)
Keep the
hostname of the backend server to something simple like "localhost" and
modify the 404, and other response files in the HTTP server to remove server information. also
disable debug information if your using
PHP or ASP/.NET.
The best way to make sure you server is anonymous is to look at the actual packet data (Wireshark capture). also, make sure that your server is
not vulnerable to injection attacks that may cause the back-end server to contact the client directly.
Now if you are trying to serv very "black" information. you might consider using a darknet to hide the server. E.g inside i2p or as a Tor hidden service.
I dont have any experience with darknets. but i think that irongeek.com has some good guides on darknets and how to hide yourself in them.
You could also combine them. having a reverse proxy server on the public internet, that redirects to a hidden server in a darknet. this way, if the proxy server gets compromised, they will have problems locating the server in the darknet, trying to find the server located in the darknet is typically hard to do(if done correct).
It all depends on how good you want to hide your physical server.
Bookmarks