The VergeCloud Layer 4 Proxy feature enables enhanced security and performance for applications that use TCP or UDP protocols. This feature is designed to route non-web protocols, such as email, SSH, FTP, and gaming, through TCP or UDP on VergeCloud's network. By routing traffic through VergeCloud, you can conceal the origin server's address, protecting it from potential DDoS attacks.
Upon setting up a Layer 4 proxy, VergeCloud assigns a dedicated IP address from its own IP range, or you may opt to transfer your own IP for exclusive use within VergeCloud’s Anycast network. This functionality ensures that your applications and websites operate with increased security and optimized traffic handling.
VergeCloud's Layer 4 Proxy can be effectively utilized by organizations hosting high-demand TCP/UDP applications, such as email servers, gaming platforms, or financial transaction systems. For instance, a gaming platform could leverage Layer 4 Proxy to enhance security against DDoS attacks, ensure low latency, and maintain secure, consistent connections for players around the globe.
In the Application Settings section, start by entering a name and description for your application. Choose the subdomain where you want the Layer 4 proxy to be active. Note: Ensure that the subdomain you select is not in use by any other application.
Select the protocol (TCP or UDP) based on your application’s requirements. Once selected, this cannot be modified.
Choose a unique port for the CDN network to host user requests. Each application must have a distinct port, and the selection cannot be edited afterward.
To see the user's real IP in your logs, you can activate the PROXY PROTOCOL, which forwards the user’s IP to your service. VergeCloud supports:
Create a cluster by entering the IP addresses of multiple origin servers. Define how requests are distributed across these servers using Load Balancing algorithms:
VergeCloud monitors your cluster servers and can temporarily disable any server experiencing repeated errors. Set the Repetition Interval to define how frequently VergeCloud checks server status, and configure the Number of Tolerable Errors to specify how many errors trigger server exclusion.
Configure firewall settings to block specific IP addresses or restrict access by country. VergeCloud's Layer 4 Proxy provides DDoS protection, redirecting potential SYN and SYN-ACK attacks to VergeCloud’s edge servers and shielding your origin server’s IP from exposure. We recommend restricting IP access to only the VergeCloud IP range.
Contact VergeCloud support through tickets or organizational support groups to complete the activation of your Layer 4 Proxy setup.
curl -X POST https://api.vergecloud.com/v1/layer4proxy \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-d '{
"name": "MyApplication",
"subdomain": "example.myapp.com",
"protocol": "TCP",
"port": 12345,
"proxy_protocol": "v1"
}'
To validate the Layer 4 Proxy setup, you can test using the following tools and methods:
curl
: Run a curl
request to the application’s IP and check for the expected response.dig
: Use the dig
command to verify DNS resolution to the correct IP.