Servers that sit between two parties and intercept their traffic for some purpose.
Switch the proxy type and see which side it sits on.
Hides your servers from the world (TLS, caching, load balancing, one front door).
Both are middlemen, the difference is which side they protect. A forward proxy fronts the clients (privacy, filtering). A reverse proxy fronts your servers and is where TLS termination, caching, and load balancing usually live, which is why it shows up in almost every architecture.
Plain English: a middleman server. A forward proxy speaks on behalf of the client (your VPN, your work proxy). A reverse proxy speaks on behalf of the server (Nginx in front of your app). Same idea, opposite sides.
A proxy mediates between a client and a server. A forward proxy acts on behalf of the client (think: corporate web proxy, VPN). A reverse proxy acts on behalf of the server (think: Nginx in front of your app servers, where load balancer, API gateway, CDN edge are all reverse proxies).
Different problems for each direction. Forward proxies provide content filtering, caching, anonymization, or access control for clients in a network. Reverse proxies provide load balancing, TLS termination, caching, auth, and abstraction in front of backend services.
Forward proxy: client is configured to send requests through the proxy, which forwards them to the destination. Reverse proxy: clients hit a single address; the reverse proxy routes the request to one of many backend servers based on URL, headers, or load.
API Gateway is a reverse proxy with auth + rate-limiting
Edge proxy IS a reverse proxy that runs rate-limit checks
Zuul is a reverse proxy for control-plane traffic; CDN edges are reverse proxies for video bytes
Proxies come up as infrastructure in almost every system design, but they're rarely the main topic. The signal is to use the right vocabulary: when you say 'Nginx sits in front of my app servers,' that's a reverse proxy, say that word. Know that a service mesh like Envoy is a sidecar reverse proxy that handles mTLS, retry, and circuit breaking between services. Candidates who just say 'load balancer' and skip the proxy layer miss the chance to show architectural depth.