-
Notifications
You must be signed in to change notification settings - Fork 40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug/skale 5059 limit number of filters per ip #1062
base: develop
Are you sure you want to change the base?
Conversation
Codecov Report
@@ Coverage Diff @@
## develop #1062 +/- ##
===========================================
+ Coverage 50.07% 50.36% +0.28%
===========================================
Files 295 295
Lines 35533 35700 +167
===========================================
+ Hits 17793 17979 +186
+ Misses 17740 17721 -19 |
SUGGESTIONS BEFORE MERGE:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see 2 drawbacks of such approach:
- UnDoS protection is coupled with the implementation (of logs/filter functionality). Architecturally more correct is to separate these two.
- It unnecessarily introduces ("manual") parsing of filter/logs requests through rapidjson (and not through plain libjsonrpccpp as before. This can can introduce new possible bugs (in this new code).
2a) As a side note I should mention that currently rapidjson-related part in SkaleServerOverride is implemented in a very "workaround" way and needs re-architecture. Growing it further with more calls would complicate things.
As a solution, I'd propose to implement this protection as an added layer in SkaleServerOverride class. It already has unddos protection - so this addition looks consistent. It can be implemented through something similar to mod_rewrite of Apache - i.e. scan request with simple regexp or plain c++ code and do appropriate filtering.
No description provided.