Chapter 1. Securing Ingress

There’s a long-held misconception that network tunnels are insecure.

Many people think of a tunnel as a direct connection to an upstream service, which might be a scary concept.

With ngrok, tunnels actually protect your upstream service. Traffic destined for your application flows directly to ngrok’s global network—not your upstream service. ngrok receives the request, applies the security policies you specify, and then sends the request to your service only if authorized.

Your service’s ingress rules allow connectivity from the ngrok network, not the outside world. Thus, ngrok becomes your service’s only client, and your production infrastructure remains safe and secluded from outside traffic.

This makes ngrok tunnels secure by design.

Nevertheless, many people utilize tunnels to bypass IT security controls and gain connectivity quickly.

Without a universal ingress platform like ngrok, IT teams must make significant changes to their production infrastructure ...