River Reverse Proxy

The Story

Just about every significantly-sized deployment on the Internet makes use of reverse proxy software, and the most commonly deployed reverse proxy software is not memory safe. This means that most deployments have millions of lines of C and C++ handling incoming traffic at the edges of their networks, a risk that needs to be addressed if we are to have greater confidence in the security of the Internet.

In order to change this, Prossimo is investing in new reverse proxy software called River, which will offer excellent performance while reducing the chance of memory safety vulnerabilities to near zero. Some of its most compelling features:

• Built on Cloudflare's Pingora framework, which is already serving huge amounts of traffic for Cloudflare. This gives us confidence that the underlying network internals are ready for the real world.
• Better connection reuse than proxies like Nginx due to a multithreading model, which greatly improves performance.
• WASM-based scriptability means scripting will be performant and River will be scriptable in any language that can compile to WASM.
• Simple configuration, as we’ve learned some lessons from configuring other software for the past couple of decades.
• It’s written in Rust so you can deploy without worrying about memory safety issues.

What We've Done

Cloudflare has open sourced their Pingora network services framework written in Rust.

Prior to Pingora becoming open source, and in cooperation with Cloudflare, we contracted with James Munns of OneVariable to create an architectural plan for building the River reverse proxy on top of Pingora, which has been completed and can be seen in the GitHub repository.

What's Next

Implementation will start in Q1 2024.

Links

• River on GitHub