Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug/skale 5059 limit number of filters per ip #1062

Draft
wants to merge 10 commits into
base: develop
Choose a base branch
from

Conversation

dimalit
Copy link
Collaborator

@dimalit dimalit commented Apr 6, 2022

No description provided.

@dimalit dimalit requested a review from a team as a code owner April 6, 2022 14:49
@codecov
Copy link

codecov bot commented Apr 6, 2022

Codecov Report

Merging #1062 (40cba16) into develop (dc82869) will increase coverage by 0.28%.
The diff coverage is 55.14%.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #1062      +/-   ##
===========================================
+ Coverage    50.07%   50.36%   +0.28%     
===========================================
  Files          295      295              
  Lines        35533    35700     +167     
===========================================
+ Hits         17793    17979     +186     
+ Misses       17740    17721      -19     

Copy link
Collaborator Author

@dimalit dimalit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see 2 drawbacks of such approach:

  1. UnDoS protection is coupled with the implementation (of logs/filter functionality). Architecturally more correct is to separate these two.
  2. It unnecessarily introduces ("manual") parsing of filter/logs requests through rapidjson (and not through plain libjsonrpccpp as before. This can can introduce new possible bugs (in this new code).
    2a) As a side note I should mention that currently rapidjson-related part in SkaleServerOverride is implemented in a very "workaround" way and needs re-architecture. Growing it further with more calls would complicate things.

As a solution, I'd propose to implement this protection as an added layer in SkaleServerOverride class. It already has unddos protection - so this addition looks consistent. It can be implemented through something similar to mod_rewrite of Apache - i.e. scan request with simple regexp or plain c++ code and do appropriate filtering.

@DmytroNazarenko DmytroNazarenko linked an issue Apr 3, 2023 that may be closed by this pull request
@DmytroNazarenko DmytroNazarenko marked this pull request as draft October 14, 2024 16:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Limit number of filters pe IP address
2 participants