Reverse Proxy Servers and Vercel
Learn why reverse proxy servers are not recommended with Vercel's firewall.We do not recommend placing a reverse proxy server in front of your Vercel project as it affects the Vercel's firewall in the following ways:
- Loss of traffic visibility: Vercel's Edge Network loses full visibility into the traffic, which reduces the effectiveness of the firewall in identifying suspicious activity.
- Real end-user IP addresses cannot be accurately identified.
- If the proxy undergoes a malicious attack, this can be forwarded to the connected Vercel project and cause usage spikes.
However, you may still need to use a reverse proxy server. For example, your organization has legacy web applications protected by a reverse proxy and mandates that your Vercel project also uses this reverse proxy.
In such a case, you want to ensure that Vercel's platform-wide firewall does not block this proxy server due to the reasons mentioned above.
To facilitate reverse proxy setup and keep you protected at the same time, Vercel uses the concept of verified proxies. They are a list of popular CDN vendors that Vercel will recognize and support by default. Verified proxies are enabled by default for the providers in the list below. However, some providers may require additional configuration on your side, in which case you should contact Vercel's support for help with the additional configuration.
| Provider | Configuration required |
|---|---|
| Fastly | No |
| Google Cloud Load Balancing | Yes: Contact support |
| Cloudflare | No |
| AWS CloudFront | Yes: Contact support |
| Imperva CDN (Cloud WAF) | No |
| Akamai | Yes: Contact support |
| Azure Front Door | No |
If the provider of your reverse proxy server is not on the list above or if you are running your own reverse proxy server such as Nginx on a cloud provider, please contact Vercel's support if you are on the Enterprise plan.
Was this helpful?