Labs refers to the Deflect Laboratory that provides early access to experimental features. Please note that these features may be unstable and are subject to change without prior notice.
WebSocket (Coming soon) #
Define paths to allow WebSocket connections for your web app. Paths are matched by prefix, wildcards (*) are not supported.
WebSocket facilitates realtime communication between your browser and web server. However, it necessitates a special configuration in a reverse proxy setting such as Deflect. By specifying WebSocket paths, you can configure Deflect to proxy straight to your origin server with specific headers, thereby enabling WebSocket connections.
Security implications of WebSocket on Deflect #
To establish a WebSocket connection, Deflect needs to be configured to directly route traffic along specified paths to your origin server. However, this reduces Deflect’s capacity to safeguard your web server from bots and DDoS attacks on these paths. Despite this, basic protection measures like rate-limiting remain in effect.
Consult Deflect customer service before you enable this feature, if you are concerned about security.
WebSocket Timeout #
Defines how long a WebSocket connection remains open before timing out (in seconds).
Disable SSL Session Reuse #
By default, Deflect reuses the SSL session in the connection pool on the identical origin server. However, if your origin server hosts multiple virtual hosts with different domain names, disabling SSL session reuse may solve the SNI mismatch error.
For more details, please refer to troubleshooting SNI issues.
