Use Case
DDoS Protection Built for
Proxy Providers
Your customers route traffic through your gateways. When a DDoS attack targets a proxy endpoint, every customer behind that gateway goes down. Flowtriq detects attacks in under 1 second and auto-mitigates at the kernel level, keeping your proxy infrastructure online.
The Problem
Proxy gateways are single points of failure, and attackers know it
Your proxy infrastructure is a chokepoint by design. Hundreds or thousands of customer sessions flow through each gateway. When an attacker floods a single gateway IP, every customer routed through that endpoint drops simultaneously. One attack, one gateway, your entire customer base impacted.
The damage goes beyond downtime. When your proxy IPs get used as reflection vectors in amplification attacks, those IPs land on blocklists. Your customers' traffic starts getting rejected by destination networks. IP reputation takes weeks to recover, and every day on a blocklist is a day your customers consider switching providers.
Enterprise scrubbing solutions price proxy companies out of the market. They quote six-figure annual contracts built for Tier 1 carriers, not for mid-market proxy operators running their own ASN and BGP peering. You need protection that scales with your gateway count, not with some sales team's revenue target.
09:41:12 UDP flood targeting gateway IP begins
09:41:18 Gateway saturated at 8Gbps
09:41:18 2,400 customer sessions dropped
09:41:45 Monitoring alert fires (30s delay)
09:44:00 NOC begins investigation
09:48:00 Manual null route applied to gateway IP
09:48:00 Gateway offline, sessions not recovered
Customer sessions lost: 2,400
SLA violations triggered: 84
Gateway IP blocklisted: 3 RBLs
How Flowtriq Helps
Detect and mitigate at the gateway before traffic reaches your proxy application
The FTAgent runs on each proxy gateway, reading kernel-level network statistics every second. When traffic patterns deviate from normal proxy behavior, the agent opens an incident, classifies the attack vector, and applies firewall rules at the kernel level, all within the same second the threshold is crossed. Attack traffic is dropped before it ever reaches your proxy application.
Because mitigation happens at the kernel via iptables or nftables, your proxy software never sees the attack packets. Customer sessions continue uninterrupted on the same gateway. No failover, no session migration, no reconnection handshakes. The attack is absorbed silently.
Every gateway reports to a single dashboard. Your NOC sees gateway health, active incidents, and mitigation status across your entire network in real time. When an attack ends, firewall rules are withdrawn automatically so there is no risk of stale rules blocking legitimate traffic hours later.
09:41:12 PPS=214,000 BPS=8.1Gbps THRESHOLD
T+0.1s Incident opened · UDP Flood · 98%
T+0.2s Auto-mitigation · nftables rule applied
T+0.4s Alerts fired · Slack · PagerDuty
T+0.5s Gateway status · all 2,400 sessions active
09:41:13 PPS=18,450 BPS=425Mbps MITIGATED
09:53:00 Attack subsides · rules withdrawn
Sessions dropped: 0
Gateway downtime: 0 seconds
_
Key Features
Purpose-built for proxy infrastructure
Multi-gateway monitoring
Monitor every proxy gateway from a single dashboard. Group gateways by region, protocol, or customer tier. See real-time PPS, BPS, and session counts per gateway. Role-based access lets your NOC, abuse team, and trust-and-safety staff each see exactly what they need.
Auto-mitigation (iptables/nftables)
When an attack is detected, Flowtriq applies kernel-level firewall rules that drop attack traffic before it reaches your proxy application. Rules target the specific attack vector, so legitimate proxy sessions continue uninterrupted on the same gateway. Rules auto-withdraw when the attack ends.
BGP FlowSpec integration
For attacks that exceed local gateway capacity, Flowtriq escalates to BGP FlowSpec to filter traffic at the network edge. If you operate your own ASN and BGP peering, FlowSpec rules propagate to your upstream peers automatically. Cloud scrubbing integration available as the highest escalation tier.
Port-level traffic analysis
See which ports are receiving traffic on every gateway. Identify attacks targeting specific proxy ports, detect abuse of non-standard ports, and spot reflection traffic originating from your infrastructure. Per-port analytics help you enforce acceptable use policies and protect IP reputation.
IP reputation monitoring
Track the reputation of your gateway IPs across major blocklists. Get alerted when a gateway IP appears on an RBL so you can respond before customers notice degraded connectivity. Incident forensics help you identify the abuse pattern that triggered the listing and take corrective action.
PCAP forensics
Every incident includes a full packet capture starting from pre-attack traffic. Download PCAPs to analyze attack patterns, share them with upstream providers for abuse reports, or use them as evidence when enforcing your acceptable use policy against customers generating outbound abuse.
Real-time alerting
Route alerts to the right team at the right time. Send Slack notifications for minor incidents, page your NOC for gateway-impacting attacks, and update your trust-and-safety team on abuse patterns. Escalation policies ensure nothing falls through the cracks during off-hours.
API & Terraform
Manage gateways programmatically with the REST API or Terraform provider. Automate node provisioning when you spin up new proxy gateways. Export per-gateway metrics to Prometheus for custom Grafana dashboards. Infrastructure-as-code for fleet-scale proxy deployments.
Getting Started
Deploy across your proxy fleet in minutes
Rolling out Flowtriq to your proxy infrastructure takes less time than recovering from a single gateway outage. Here is how it works from signup to full coverage.
Create your workspace
Sign up at flowtriq.com and create a workspace for your proxy network. Add your NOC and trust-and-safety team with admin access. The 7-day free trial starts immediately with no credit card required.
Install the FTAgent on each gateway
The agent installs with pip install ftagent and runs as a lightweight systemd service. It reads kernel-level network statistics with near-zero CPU overhead. Deploy across your gateway fleet with Ansible, Terraform, or any configuration management tool you already use.
Configure alert channels
Connect Flowtriq to your existing incident response workflow. Send alerts to Slack, Discord, PagerDuty, OpsGenie, email, SMS, or custom webhooks. Set up escalation policies so the right people get notified based on severity and time of day.
Enable auto-mitigation policies
Define mitigation policies per gateway or globally. Choose which attack types trigger automatic firewall rules, set thresholds appropriate for proxy traffic volumes, and configure how long rules persist after an attack ends. Start with conservative settings and tune as you see real traffic patterns.
Monitor and optimize
Within hours, Flowtriq learns your normal proxy traffic baselines and sets dynamic thresholds automatically. Review analytics to understand per-gateway traffic patterns, identify abuse trends, and generate reports for your operations and trust-and-safety teams.
By the Numbers
The impact on your proxy operations
Before & After
How Flowtriq transforms your gateway defense
Without Flowtriq
- Attacks saturate gateways before monitoring alerts fire
- Every customer behind the targeted gateway drops
- Gateway IPs land on blocklists from reflection abuse
- NOC applies manual null routes, taking the gateway offline
- SLA violations trigger across dozens of customer accounts
- No forensic evidence to identify abuse source
- Customers churn to competitors with better uptime
With Flowtriq
- Detection in under 1 second at the kernel level
- Customer sessions continue uninterrupted during attacks
- IP reputation protected by blocking outbound abuse
- Firewall rules applied and withdrawn automatically
- SLA commitments maintained through transparent mitigation
- Full PCAP capture for forensic analysis and abuse reports
- Uptime becomes a competitive differentiator
Pricing
Simple per-gateway pricing. No surprises.
Unlimited team seats included. Monitor 5 gateways or 500 gateways at the same price per node. No bandwidth fees, no overage charges, no contracts. Cancel anytime. Flow sources (sFlow/NetFlow/IPFIX from routers) available from $19/source/month with volume discounts.
Compatibility
Works with your existing proxy stack
The FTAgent runs on any Linux server with kernel 3.10 or later. It supports all major distributions including Ubuntu, Debian, CentOS, Rocky Linux, AlmaLinux, and Fedora. Whether your proxy gateways run on bare-metal servers, cloud VMs, or containerized infrastructure, the agent works the same way.
Flowtriq is proxy-software agnostic. It monitors at the kernel level, below your proxy application. Squid, HAProxy, Envoy, NGINX, 3proxy, custom SOCKS5 daemons, or proprietary proxy software all work because the agent never interacts with the proxy layer directly.
Integrate with your existing tools via webhooks, REST API, or the Terraform provider. Export incident data to your SIEM or ticketing system. Pull metrics into Grafana or Prometheus. Automate gateway provisioning as part of your infrastructure-as-code pipeline.
• Ubuntu 18.04, 20.04, 22.04, 24.04
• Debian 10, 11, 12
• CentOS 7, 8, 9 Stream
• Rocky Linux 8, 9
• AlmaLinux 8, 9
Firewalls
• iptables / ip6tables
• nftables
• ufw (Uncomplicated Firewall)
Proxy Software
• Squid / HAProxy / NGINX
• Envoy / 3proxy / Dante
• Custom SOCKS5 / HTTP CONNECT
• Any proxy (kernel-level monitoring)
FAQ
Common questions from proxy providers
Can I monitor all my proxy gateways from one dashboard?
Yes. There is no limit on the number of nodes. Every gateway running the FTAgent reports to the same workspace. You can group gateways by region, customer tier, or protocol type and filter the dashboard accordingly. Pricing scales linearly at $9.99 per node per month (or $7.99 with annual billing). You can also monitor routers and switches via sFlow, NetFlow, or IPFIX as flow sources.
Will Flowtriq interfere with legitimate proxy traffic?
No. The FTAgent monitors at the kernel level by reading network statistics, not by inspecting or intercepting packets inline. It only acts when an attack pattern is positively identified, applying targeted firewall rules that block the specific attack vector while legitimate proxy sessions continue uninterrupted on the same gateway.
Do you support IPv6?
Yes. Flowtriq provides full IPv6 support for both detection and mitigation. The FTAgent monitors IPv4 and IPv6 traffic simultaneously and applies mitigation rules via ip6tables or nftables for IPv6 attack vectors. All dashboard metrics, alerting, and forensics cover both address families.
How does it handle distributed proxy architectures?
Each gateway runs its own independent FTAgent with its own detection loop. If one gateway is attacked, it detects and mitigates locally without depending on a central controller. All gateways report to a single dashboard so your NOC has full visibility, but detection and mitigation never depend on network connectivity to the dashboard.
Related Use Cases
Flowtriq for network infrastructure
Schedule a Fit Assessment
30-minute call to discuss your specific setup and see if Flowtriq is the right fit. No sales pressure.
Book a CallGet the Implementation Guide
Step-by-step deployment guide tailored to your use case. Sent straight to your inbox.