Service Ports

Reverse Proxy and DDoS Protected services are based around the concept of 'Ports', 'Port Ranges' and 'DMZs'. A service may have multiple Ports, Port Ranges and optionally a DMZ entry for both TCP and UDP.

Port Types

Depending on your backend operating system and requirements the type of Port to use will vary. The Reverse Proxy setup type is the most simple.

Reverse Proxy Ports

A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as though they originated from the server itself (or servers themselves). This is the simplest method of configuration and does not necessarily require server access to the backend server however is not always compatible (see UDP) and does not allow the clients IP address to be retrieved on the backend server (e.g for banning).

HTTP
A HTTP reverse proxy. A TCP port that is mitigates against layer 7 attacks, connection pooled and optimized for HTTP services. A module or code is required to retrieve the connecting client IP.
HTTPS
A HTTPS reverse proxy, a SSL encrypted version of the HTTP port type. A module or code is required to retrieve the connecting client IP.
TCP
A TCP transparent reverse proxy. Valid packets arriving at this port are forwarded to your backend as specified.
UDP
A UDP transparent reverse proxy. Valid packets arriving at this port are forwarded to your backend as specified. This port has the same possible compatibility issues as a UDP reverse proxy due to lack of encapsulation.
FTP
A FTP transparent reverse proxy. Valid packets arriving at this port are forwarded to your backend as specified. This port supports Layer 7 modification of the FTP stream and opening of dynamic ports for data transfers.

Encapsulated Ports

A tunneled port communicates to the backend over a GRE, IPIP or IPSec Tunnel. The connecting client's IP is always retrievable with this port type. This port has the maximum compatibility with UDP services. This is compatible with Linux, Windows, BSD and many Router OS's. Automated setup scripts are provided for Linux, Windows, and some BSDs.

HTTP
A HTTP reverse proxy over a tunnel. An open TCP port that is mitigates against layer 7 attacks, connection pooled and optimized for HTTP services. A module or code is required to retrieve the connecting client IP.
HTTPS
A HTTPS reverse proxy over a tunnel, a SSL encrypted version of the HTTP port type. A server module or code is required to retrieve the connecting client IP.
TCP
A TCP port forward over a specified tunnel. Received packets at the specified port will be forwarded to the specified backend port on the tunnel endpoint. Unlike the Reverse Proxy method this port is not buffered and is not connection state aware and hence does not report connection errors to the log.
UDP
A UDP port forward over a specified tunnel. Received packets at the specified port will be forwarded to the specified backend port on the tunnel endpoint. This method has maximum compatibility as both the connecting clients IP address and Port is preserved.
FTP
A FTP server connected forwarded over a specified tunnel. Valid packets arriving at this port are forwarded to your backend as specified. This port supports Layer 7 modification of the FTP stream and opening of dynamic ports for data transfers.

HTTP(s) Ports

Unlike TCP and UDP which are OSI Layer 4 Protocols, HTTP is an OSI Layer 7 Port. Multiplexing is supported with other HTTP ports when using the Domain field to define Virtual Hosts. Only HTTP ports are protected against Layer 7 HTTP attacks.