Convex Community, 6mo ago
40 replies
Encore

Billing risk from bad actors

Firstly, I wanted to say I love what all of you have built so far!

This thread was added following discussion in general chat with Ian as per his request.
Currently, bad actors can connect via websockets and continue spamming functions. Rate limiters or any other criteria-based functions at the application layer can prevent access, but functions are still called and result in billing. The bad actors will remain connected to the backend and we can't get rid of them. The only mitigation for billing risk at present is a spending cap, but this would result in downtime for the service.

Proposed fix:
1) Allow a method to disconnect the websocket of a client, server side.
2) After several attempts to reconnect following their forced reconnect, Pro users who can have their own domains can utilise Cloudflare or similar websocket proxies to mitigate attacks. https://developers.cloudflare.com/network/websockets/

The purpose of triggering the disconnect is to trigger Cloudflare’s own rate limiters.

PS: On a side note, I would love to try Pro as a startup if given a chance and would love to be considered. Still no VC money yet to qualify on the site :).

Thanks very much!
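
The billing argument in the post above, as an added example that is not part of the original post and is not Convex or Cloudflare code: a constructed simulation that counts billed function calls for one abusive connection, first with an application-layer limiter only, then with a server-side disconnect plus an edge proxy that limits reconnects. Every name and threshold here is an assumption chosen for illustration.

```javascript
// Constructed simulation; all names and thresholds are hypothetical.
const LIMIT_PER_SEC = 5;          // app-layer limit per connection
const STRIKES_TO_DISCONNECT = 20; // rejected calls before the server closes the socket
const EDGE_CONNECTS_PER_MIN = 3;  // assumed proxy limit on new handshakes per client

function simulate({ seconds, callsPerSec, serverDisconnect }) {
  let billed = 0, served = 0, rejected = 0, disconnects = 0;
  let connected = true, strikes = 0;
  let connectsThisMinute = 1; // the initial connection counts as one handshake

  for (let t = 0; t < seconds; t++) {
    if (t > 0 && t % 60 === 0) connectsThisMinute = 0; // edge window resets

    if (!connected) {
      // Each reconnect is a new handshake, which the edge proxy can see and limit.
      if (connectsThisMinute >= EDGE_CONNECTS_PER_MIN) continue; // blocked at the edge
      connectsThisMinute++;
      connected = true;
      strikes = 0;
    }

    let usedThisSecond = 0;
    for (let i = 0; i < callsPerSec && connected; i++) {
      billed++; // the function is invoked (and billed) before the limiter can refuse
      if (usedThisSecond < LIMIT_PER_SEC) { usedThisSecond++; served++; continue; }
      rejected++;
      strikes++;
      if (serverDisconnect && strikes >= STRIKES_TO_DISCONNECT) {
        connected = false; // server-side close: no more billed calls on this socket
        disconnects++;
      }
    }
  }
  return { billed, served, rejected, disconnects };
}

// One client sending 100 calls per second for two minutes.
const load = { seconds: 120, callsPerSec: 100 };
console.log("limiter only:      ", simulate({ ...load, serverDisconnect: false }));
console.log("limiter + kick/edge:", simulate({ ...load, serverDisconnect: true }));
```

With the limiter alone every rejected call is still billed; with the disconnect, billed calls are bounded by the strike threshold times the number of handshakes the edge allows.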