Proxy Anything Beta Feedback


#1

Today we are launching a very limited beta for a new feature called Proxy Anything. If you are interested in participating, please submit a request using this form.

We’re excited to get your thoughts and ideas about this new feature. Let us know what you think - both good and bad, and how you end up using the product. Looking forward to hearing from you.

-Dani


#2

Hey there,

I’m seeing this when browsing to the proxy anything app


#3

@TheoM We will take a look! Thanks for reporting.


#4

I am very positively surprised. Everything works fine, except for the error described above. The transfer rate is also impressive.

A quick test with iperf showed:
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.0 sec 1.82 GBytes 1.57 Gbits/sec

The only criticisms would be the choice of ports (but in the document there was more to be added) and the design of the dashboard. The creation form looks a bit blumpy, and I can’t really see much (except for the current connections) on the dashboard. A statistics dashboard of the connections would be cool. A few additional features such as a button for automatically adding a CNAME entry would surely not be bad.

I will continue to test and contribute ideas ^^

Translated with www.DeepL.com/Translator


#5

Thanks @chris.p for the great feedback!

We’re working on additional ports as well as the look of the dashboard and soon Proxy Anything will automatically add the DNS record for you.

Great idea to add more analytics - is there something specific you would expect to see?


#6

The most important thing would surely be the number of connections and how much data was transferred.

What might not be bad would be a graphical display of which region/country most connections were established or which IP caused the most traffic.


#7

May or may not be caused by the same thing but I noticed this when using a browser with uBlock Origin (ad blocker) running. It was blocked due to the “/analytics/events” part of the URL matching one of its filters.


#8

That’s useful. Thanks @chris.p!


#9

Thanks @owennelson!


#10

@dani, thanks for getting me in the Beta!

It’s…uhhh…not quite exactly the utopia I was expecting. With just ports 43 and 44 open, it’s not browser friendly (browsers won’t browse on those “unsafe” ports). Granted, the existing setup already proxies a bunch of browser-friendly ports. This aspect was just some tinkering on my part.

I was also expecting it to magically proxy SMTP/POP/IMAP. I could probably put POP on 43 and IMAP on 44 and configure my mail clients as such, but SMTP can’t be moved away from 25 since it needs to be universally reachable.

This is all because I have a mail server that’s naked without a Cloudflare blanket to protect it.


#11

Is there any chance we could add a feature to this service? Basically the proxy would add a protocol layer, call it the proxy batching protocol, and forward batched TCP packets (for the sockets coming into the proxy) to the destination via a single TCP socket or something like UDT? (https://en.wikipedia.org/wiki/UDP-based_Data_Transfer_Protocol)

This would be a nice perf optimization in that user/kernel context switch overhead could be dramatically reduced/controlled (i.e. more data throughput per context switch). Given the context switch overhead has recently gotten much worse due to Spectre and Meltdown patches, I’m sure this sort of functionality would be very welcome in many stacks. Customers could dramatically decrease their VM instance counts as well, rather than increase them due to the increased CPU overhead from latest security patches.

With respect to UDT, using recvmmsg and sendmmsg would be the magic calls on Linux. For Windows, use RIO (registered i/o) to do the same thing. Send/recv many packets per context switch. Could possibly use DTLS to encrypt the datagrams?

BTW, doing the same thing for the websocket proxy would be useful as well.

Talk about a massive value add!

Thoughts?


#12

@sdayman In the next two weeks we are adding a lot more ports – let us know if there’s a specific port you were looking for.

For SMTP we also need to add TLS support - that’s coming soon. Excited you’ll be able to use it to protect a mail server.


#13

@jdavis We’re absolutely going to add features to optimize TCP performance and demultiplex. The UDT draft expired in 2010 so it might not be that exactly. https://tools.ietf.org/html/draft-gg-udt-03


#14

@dani That’s awesome! Is there any way I could get plugged in? I might be able to help by writing some perf tests. Also, if UDT isn’t an option, Aeron might be a possibility https://github.com/real-logic/aeron

I’m sure DPDK is already being used, just some other links which could be useful on server and demux’d client side:


https://shader.kaist.edu/mtcp/
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh997032(v=ws.11)

Given Intel is shipping Stratix w/ Xeons, this is also incredibly interesting, could take pub/sub w/ regex or other pattern matching to a whole new level:


#15

I’m always a little cautious about my data.

A question that has been haunting me ever since I started using Cloudflare services: What about data security and data protection?

The latest transparency report reported that no traffic was diverted to government requests or keys were passed on. If users send e.g. SSH, e-mail and other confidential traffic through the Cloudflare network in parallel to the web proxy service, the question should be asked. After all, it’s a lot of responsibility and trust for Cloudflare.

Could you imagine including “Proxy Anything” in the transparency report for next year?


#16

Thanks @jdavis!!


#17

Great question. I’m not sure but @justin will know.


#18

We will review for inclusion in the next Transparency Report. Great idea.


#19

@dani why not just contract the Aeron guys at real-logic to build what we were talking about? https://gitter.im/real-logic/Aeron

I’m sure Todd and Matt could knock it out pretty quick.


#20

@dani I think I found another bug:

When trying to delete a proxy anything application I get this: