mirrors/hockeypuck
1
0
Fork 0
mirror of https://github.com/hockeypuck/hockeypuck.git synced 2025-12-17 08:55:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
Page: HIP 010: Internal rate limiting support
Pages
HIP 000: Hockeypuck Improvement Proposals HIP 001: [REVERTED] Regaining control over public key identity with authenticated key management HIP 002: SKS v2 protocol HIP 003: Timestamp aware merge strategy HIP 004: Third party revocation sig distribution HIP 005: Reliable personal data deletion using self signatures HIP 006: WKD support HIP 007: Recursive resolver HIP 008: Out of Band Email Ownership Proof HIP 009: Management Interface HIP 010: Internal rate limiting support HIP 011: Merge ptree into pghkp HIP 012: Define and use JSON‐LD schemas HIP 013: In‐Band Metadata Sync Using Trust Packets Home Migrating from SKS‐keyserver to Hockeypuck Semantic Versioning Policy Upgrading docker‐compose standalone deployment from 2.1 to 2.2
2 HIP 010: Internal rate limiting support
Andrew Gallagher edited this page 2025-04-01 23:00:51 +01:00
Table of Contents

See #387

Motivation

Currently, connection rate limiting to prevent abuse is managed by an external haproxy (shipped under contrib/docker-compose/standalone), however this has several shortcomings:

  1. It is easy to (accidentally or intentionally) deploy hockeypuck without a (correctly configured) haproxy front end, which leaves the server open to spam.
  2. Operators who don't use the standalone docker-compose deployment must configure haproxy manually, which is challenging for non-experts and error-prone.
  3. Vanilla haproxy must be force-reloaded to pick up configuration changes, which has undesirable side effects (https://github.com/hockeypuck/hockeypuck/issues/366)

Design

Hockeypuck should be safe to deploy out of the box, i.e. it must include a reasonable rate-limiting configuration by default. This should include rate limiting and tor exit node abuse detection, as currently supported by the standalone haproxy.

Out of scope

TBC

Security considerations

TBC

Compatibility

TBC