MyWorkDrive Cloudflare® Tunneling Integration
Our MyWorkDrive File Remote Access Server web portal can be easily integrated with Cloudflare® Argo services to automatically provide a secure web address without exposing the MyWorkDrive server to the internet or provisioning security appliances. The public Internet does its best to deliver your content — but it can’t account for network congestion, leading to slow load times and a degraded end-user experience. By simply enabling Cloudflare Argo to proxy DNS name resolution for a host, real-time network congestion and routing of web traffic across the fastest and most reliable network paths is automatic. On average, web sites perform 30% faster. Optionally customers may also utilize Argo Tunneling to reverse proxy traffic through an Argo tunnel agent. While large enterprise customers may wish to use their own direct connection (with their own hostname/SSL Certificate) and manage their own Office Online server, by utilizing our integration with Cloudflare’s Argo and tunnel service the same or better network speeds, security and compliance objectives can be more easily achieved by companies of any size.
Using a lightweight agent installed on the MyWorkDrive Server, Cloudflare Argo Tunnel creates an encrypted tunnel between the nearest Cloudflare data center and the MyWorkDrive server without opening a public inbound port. This offers an additional layer of protection to keep the MyWorkDrive server website available by protecting the IP address from exposure and DDoS attacks. Starting with Version 5.4 MyWorkDrive integration is easy, simply enable our Cloud Web Connector or Office 365 Online integration.
Argo Smart routing
Automatically routes traffic around network congestion to improve performance and reduce latency. The Cloudflare network routes over 10 trillion global requests per month — providing Argo Tunneling a unique vantage point to detect real-time congestion and route web traffic across the fastest and most reliable network path.
The built in Web Application Firewall (WAF) features protect again Cross-Site Scripting, SQL Injection, Cross-Site Request Forgery and the OWASP Security rule set at the edge, protecting your MyWorkDrive website from the OWASP top-10 vulnerabilities at all times. By utilizing the Cloudflare Tunneling service an A+ rating on Qualys SSL Labs SSL Scan is achieved instantly with no manual configuration or lockdown of IIS protocols needed. Cloudflare’s Web Application Firewall (WAF) is PCI compliant which enables customers to achieve PCI requirement 6.6 instantly when enabled alongside MyWorkDrive.
Denial of Service Protection
DDoS stands for Distributed Denial of Service and is a term used to describe attacks on the Network, Transport, and Application layers of the Open Systems Interconnection (OSI) model. Attacks at the Network, Application and IP layer are automatically dropped at the Cloudflare network before ever reaching your MyWorkDrive Server.
Automatic SSL Installation
MyWorkDrive server automatically provisions and deprovisions unique SSL Certificates for use exclusively by each MyWorkDrive server. The SSL integration between the MyWorkDrive Server and Cloudflare Argo Tunneling is automatic, and ensures your website is encrypted from end-to-end without exposing your servers to the internet or managing SSL Certificates and firewall rules.
How it works
Argo tunnel works by installing an agent on each Windows IIS Web Server. The tunnel agent is configured to connect to a local port and makes a secure connection outbound on TCP port 7844 to the Cloudflare networks. No inbound firewall ports need be exposed. Next a host is created and configured in Cloudflare to relay inbound requests to the internal host (the origin). In advanced configurations internal origin hosts can be configured for failover and load balancing. Cloudflare Argo requires TCP port 7844 outbound from your server to Cloudflare IP’s.
Starting with Version 5.4 of MyWorkDrive Cloudflare tunnels are configured automatically for you when our Cloud Web Connector or Office 365 Online services are enabled with a 100 MB file size limit restricted to our MyWorkDrive.net domain. With version 6.1.1 and later, the file size limit is raised to 200MB To create your own Cloudflare tunnels not subject to these limits; review the Cloudflare Argo documentation here.
Running your own Cloudflare with MyWorkDrive
Two important notes to be aware of when running your own Cloudflare tunnels with MyWorkDrive.
1) MyWorkDrive sets the Argo service to use the location c:\wanpath\wanpath.data\settings for the cloudflare yml and pem files. To make future upgrades easier, it is suggested you utilize those locations for your files as well. Note that they will be overwritten on each upgrade, so keep a backup of those files to restore after upgrading MyWorkDrive. Restore them before starting the Argo service.
2) The Cloudflare WAF may occasionally false positive on the MyWorkDrive API for Map Drive clients and result in corrupt documents being saved. If you are using the Cloudflare WAF, you are encouraged to monitor the logs and adjust rules to avoid data corruption. In particular, the OWASP package.