Comments (2)
changed to initial implementation being NO unauthorized requests
from l1-node.
yep! new implementation plan:
stage 1: auth required for every request. all requests without auth are rejected outright by l1s
stage 2: all requests without auth are severely rate limited to allow curl
, wget
, and other 'toy' usage of saturn without auth
for stage 2, the goal of the rate limits is:
- to allow for toy usage of saturn, eg with
curl
from the command line for debugging - to explicitly disallow production usage of saturn without auth. for prod use, a customer must sign up and add auth to their requests
here are some potential rate limiting strategies to consider for implementation:
- rate limit per IP, e.g. 5 reqs/IP/sec
- rate limit per origin, e.g. 5 reqs/origin/sec
- download rate limit per request, e.g. 200kbps maximum download speed per request
- response size per request, e.g. 10MB maximum response size per request
some combination of all, or some, of the above rate limits will help accomplish both of stage 2's goals above
from l1-node.
Related Issues (20)
- Geolocation fix
- Geolocation fix
- Geolocation fix HOT 1
- [METERING] Extract JWT in each request and attach to L1 ingestor log submission HOT 3
- Geolocation fix HOT 1
- Geolocation fix HOT 1
- Egress Increase since 10/2
- Geolocation fix HOT 6
- Geolocation fix HOT 1
- Temporarily remove requirement for auth on all requests
- add sentry to collect and report errors
- Geolocation fix
- Geolocation fix HOT 3
- Geolocation fix HOT 1
- Split built into steps and cache them immediately in case build fails HOT 1
- Switching node id causes nginx to still send old one HOT 2
- `test` tag docker image fails to pull on arch `linux/amd64`
- income issue
- Geolocation fix
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from l1-node.