Security and best practices for shares
While NetFoundry Frontdoor is designed with security at its core, exposing any service to the public internet requires careful planning. Frontdoor provides a robust, secure transport layer with many automatic protections, but it's essential to pair these features with your own application-level security and operational best practices. This guide covers both the built-in security features you get by default and the best practices you are responsible for implementing to keep your backend services safe, available, and easy to manage.
Automatic security features
All traffic is protected with SSL/TLS encryption while DDoS protection operates at the edge to defend against attacks. Request filtering and validation ensure only legitimate traffic reaches your backend services, complemented by rate limiting and throttling mechanisms that prevent abuse and maintain service stability.
Access control
While shares create public endpoints, you should implement appropriate authentication and authorization in your backend services. NetFoundry Frontdoor provides the secure transport layer, but application-level security remains your responsibility.
Implement proper authentication mechanisms in your backend services and use HTTPS for backend communications whenever possible. Monitor access logs consistently for suspicious activity patterns and consider implementing rate limiting within your application to prevent abuse and maintain service quality.
Temporary access
Shares can be created and destroyed as needed, making them ideal for temporary access scenarios. When you delete a share, the public endpoint is immediately removed.
Best practices
Naming convention
Use descriptive names for your shares that clearly identify the service and purpose:
api-production-v2demo-customer-portalstaging-webhook-handler
Backend health
Ensure your backend services are healthy and responsive before creating shares. Monitor your backend performance as public traffic patterns may differ from internal usage. Health checks can help you ensure your backend services are operating as expected.
Resource management
Clean up unused shares regularly to maintain a tidy environment while monitoring share metrics to understand usage patterns and performance trends. Plan for appropriate scaling measures if your share experiences high traffic volumes to ensure consistent service availability.