Partners / Technology Partners / Cloudflare / Argo Tunnel >
Advanced malicious actors can bypass cloud-based security protection by uncovering and attacking origin IP addresses and open ports.
Common approaches to protecting web servers from direct attack include creating ACL’s and whitelisting incoming IP addresses or establishing a GRE tunnel. Such approaches are cumbersome to setup and maintain, lack integrated encryption, and can introduce additional latency and expensive fees.
Using a lightweight daemon installed on the origin infrastructure, Cloudflare creates an encrypted tunnel between the nearest Cloudflare data center and origin without keeping public inbound ports open.
As a result, volumetric DDoS attacks on the HTTP/S ports cannot directly overload web servers. Attempts at data breaches, such as brute force attacks, can be detected and blocked since traffic is enforced to go through Cloudflare’s proxies.

PROTECT WEB SERVERS FROM DIRECT ATTACKS
After deploying Argo Tunnel and closing ports, only web traffic flowing through Cloudflare’s Security Services and a secure encrypted tunnel can reach the origin. DDoS and data breach attempts can no longer directly reach origin web servers through their public IP addresses.

PROTECT WEB SERVERS FROM DIRECT ATTACKS
After deploying Argo Tunnel and closing ports, only web traffic flowing through Cloudflare’s Security Services and a secure encrypted tunnel can reach the origin. DDoS and data breach attempts can no longer directly reach origin web servers through their public IP addresses.

PROTECT WEB SERVERS FROM DIRECT ATTACKS
After deploying Argo Tunnel and closing ports, only web traffic flowing through Cloudflare’s Security Services and a secure encrypted tunnel can reach the origin. DDoS and data breach attempts can no longer directly reach origin web servers through their public IP addresses.
