Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: gateway with dedicated cf gateway #1546

Merged
merged 2 commits into from
Mar 10, 2022

Conversation

vasco-santos
Copy link
Contributor

@vasco-santos vasco-santos commented Mar 3, 2022

This PR adds our dedicated CF gateway as the gateway to be used 🎉

I had our dedicated CF gateway cf.nftstorage.link setup with Cloudflare team, this will be an offering from them in the future and we had a manual process with them to have the DNS setup and proxying to ipfs.cloudflare.com.

With this dedicated gateway we have more freedom and powers with custom rate limits. With this in mind, a set of rules were put in place to avoid abuse and hammering this domain:

  • Firewall rule blocking all traffic matching cf.nftstorage.link/* from the outside world (only our worker can access it, same CF zone ID)
  • Rate limit rule limiting traffic fo cf.nftstorage.link/* per X-Forwarded-For
    • wondering if we should use cf-connecting-ip instead, given clients can easily manipulate X-Forwarded-For to add fake proxies just to circumvent limits. If so, we will need to add a new header to the request to the gateways to use it. Thoughts?

Closes #1195

@vasco-santos vasco-santos force-pushed the feat/gateway-with-dedicated-cf-gateway branch from 0e520c3 to 96a576c Compare March 3, 2022 10:40
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Mar 3, 2022

Deploying with  Cloudflare Pages  Cloudflare Pages

Latest commit: 16f2d4e
Status: ✅  Deploy successful!
Preview URL: https://c5c17dc5.nft-storage-1at.pages.dev

View logs

@vasco-santos vasco-santos marked this pull request as ready for review March 3, 2022 10:48
@vasco-santos vasco-santos requested a review from alanshaw March 3, 2022 10:53
Copy link
Contributor

@alanshaw alanshaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Co-authored-by: Alan Shaw <alan.shaw@protocol.ai>
@vasco-santos vasco-santos merged commit a3acf00 into main Mar 10, 2022
@vasco-santos vasco-santos deleted the feat/gateway-with-dedicated-cf-gateway branch March 10, 2022 09:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Gateway - Rate Limiting improvements with public IPFS gateways
2 participants