[CORS Proxy] Rate-limits IPv6 requests based on /64 subnets, not specific addresses #1923

Open
wants to merge 1 commit into
base: trunk

adamziel
Collaborator

@adamziel adamziel commented Oct 17, 2024

Rate-limits the CORS proxy requests based on the first 64 bits of an IPv6 address, not all 128 bits. This prevents a person with an entire /64 subnet from exhausting the storage or getting more than their fair share of the tokens. This only applies to IPv6. For IPv4 addresses, all 64 bits are still considered.

Implementation

Converts a string-based IP address into a binary string, then zeros the first 64 bits in that string and re-encodes it as a human-readable IP string.

Testing instructions

  • Deploy and attack the proxy :-)
  • Run the unit tests
```
php ./packages/playground/website-deployment/tests.php
```

cc @brandonpayton for reviews

…ses.

This prevents a person with an entire /64 subnet from
exhausting the storage or getting more than their fair
share of the tokens.

 ## Implementation

Converts a string-based IP address into a binary string,
then zeros the first 64 bits in that string and re-encodes
it as a human-readable IP string.

 ## Testing instructions

Run unit tests

```php
php ./packages/playground/website-deployment/tests.php
```

cc @brandonpayton for reviews
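
The normalization described under Implementation, as an added PHP example that is not the PR's code: it assumes the rate-limit key keeps the first 64 bits of an IPv6 address and zeroes the remaining 64, and leaves IPv4 addresses whole. The function name `rate_limit_key`, the handling of IPv4-mapped addresses and zone ids, and the sample addresses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from the PR): maps a client IP string to the
 * key a rate limiter would count requests against.
 */
function rate_limit_key(string $ip): ?string
{
    // Drop an IPv6 zone id such as "%eth0"; it is not part of the address.
    $ip = explode('%', trim($ip), 2)[0];
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null; // Unparseable input must not get a bucket of its own.
    }
    $packed = inet_pton($ip); // 4 bytes for IPv4, 16 bytes for IPv6
    if (strlen($packed) === 4) {
        return inet_ntop($packed); // IPv4: key on the whole address.
    }
    // IPv4-mapped IPv6 (::ffff:a.b.c.d): key on the embedded IPv4 address
    // so one client cannot hold two buckets by switching notation.
    if (substr($packed, 0, 12) === str_repeat("\x00", 10) . "\xff\xff") {
        return inet_ntop(substr($packed, 12));
    }
    // IPv6: keep the 8-byte network prefix, zero the 8-byte interface id,
    // then re-encode as a human-readable address string.
    return inet_ntop(substr($packed, 0, 8) . str_repeat("\x00", 8));
}

// Constructed sample input (documentation address ranges only).
$samples = [
    '2001:db8:abcd:12:1111:2222:3333:4444',
    '2001:db8:abcd:12::1',  // same /64 as the line above: same key
    '2001:db8:abcd:13::1',  // neighbouring /64: different key
    '192.0.2.7',
    '::ffff:192.0.2.7',     // same client as the IPv4 line above
    'fe80::1%eth0',
    'not-an-ip',
];
foreach ($samples as $ip) {
    printf("%-38s => %s\n", $ip, rate_limit_key($ip) ?? '(rejected)');
}
```
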
@adamziel adamziel added the [Type] Enhancement New feature or request label Oct 17, 2024
@adamziel adamziel changed the title [CORS Proxy] Rate-limit entire /64 subnets instead of specific addresses [CORS Proxy] Rate-limits based on the /64 IPv6 subnet, not specific addresses Oct 17, 2024
@adamziel adamziel changed the title [CORS Proxy] Rate-limits based on the /64 IPv6 subnet, not specific addresses [CORS Proxy] Rate-limits IPv6 requests based on /64 subnets, not specific addresses Oct 17, 2024
Labels
[Type] Enhancement New feature or request
Projects
Status: Needs review