There are a variety of reasons people run reverse proxies against GAE. Someone in this thread has already mentioned they do this to support access from China. That poor developer getting DDOS'd would probably like to use CloudFlare right now. Folks using wwwizer and custom solutions for SSL ($1200/year is very painful to bootstrappers us... I can't even imagine what that would be like for a small developer in India).
These proxies are all subject to being DOSed (deliberately or not) by one script kiddie on dialup. Basically, GAE does not safely support any kind of reverse proxy. This needs to be a huge red warning label in the documentation, but there is nothing. The subject has not been brought up on this list in the last three years, through many discussions of running proxies to get around things like the GFW. This is the first time it has come up. It's an armed landmine. It really should be defused for appengine, because as soon as this thread fades into the archives otherwise savvy developers are going to step on it again. Or script kiddies are going to figure it out and GAE is going to get another huge black eye on Hacker News. Jeff On Wed, Aug 1, 2012 at 7:14 PM, Drake <[email protected]> wrote: >>whitelist / headers > > Playing with the headers sucks. > CF plays with theirs a lot, so if you are in the business already, be in the > business. > > If you Cache you kind of have to, because Referrer often isn't going to be > what is expected. > > CF runs on other people's IPs so they have less control over being white > listed. (if this is outdated I apologize) > > NGinX isn't designed to run quite the way they run their setup, and there > are some weird issues that arise from that. This is one of the hardest > things about being a CDN, you are trying to do the best fetching possible > and minimize load, but you have to muck with stuff because if Shiela in > Australia requests a page, and Bobby in the UK requests a page you want to > serve the latter out of cache, but that means that when Bobby request the > next page his sessions, and referrer is going to look strange to the target > server. > > At this point... There is almost no need for a CDN on GAE. Page Speed does > this MUCH better than CF. Almost as well as CDN In A Box does, but with > fewer "gotcha's" than either (CIAB never liked Authenticated users as much > as I wanted it to... and it has had trouble with Japanese and Korean > characters from time to time, (so does CF)) > > For mom and pop, use Page Speed by Google it is a one click bolt on to GAE. > For Enterprise Go with Akamai. > > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
