Firewalls. Instead of just letting any packet on port 80 through, use a reverse proxy. This means that no TCP/IP packet passes through the firewall. Data of course will, but only if it's valid HTTP.
URL rewriting. Shielding your internal layout from the outside world.
SSL accellerator. Doing your encryption/decryption at a dedicated reverse proxy means it cannot only be done by a service that's optimally configured for this task, but it also means that on the inside, your architecture can be simpler.
Access control. Is user X allowed to access URL Y. Doing this at a reverse proxy means you can have global rules - and not every project on the inside needs to worry about this type of access control.
Caching.
Load balancing/High availability.
Scary thing is, I've once worked on a project where they used all of the points mentioned above. With different departments controlling different reverse proxies. Which made debugging fun, fun, fun!