rust/neon
1
0
Fork 0
mirror of https://github.com/neondatabase/neon.git synced 2026-05-25 17:10:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
54206e29ec64a61454667dd1d4489519c839ddfb
neon/proxy/src
History
Conrad Ludgate e5c50bb12b proxy: rate limit authentication by masked IPv6. (#7316) 
## Problem

Many users have access to ipv6 subnets (eg a /64). That gives them 2^64
addresses to play with

## Summary of changes

Truncate the address to /64 to reduce the attack surface.

Todo:
~~Will NAT64 be an issue here? AFAIU they put the IPv4 address at the
end of the IPv6 address. By truncating we will lose all that detail.~~
It's the same problem as a host sharing IPv6 addresses between clients.
I don't think it's up to us to solve. If a customer is getting DDoSed,
then they likely need to arrange a dedicated IP with us.
2024-04-16 14:16:34 +00:00
..
auth
proxy: rate limit authentication by masked IPv6. (#7316)
2024-04-16 14:16:34 +00:00
bin
proxy: rate limit authentication by masked IPv6. (#7316)
2024-04-16 14:16:34 +00:00
cache
Read cplane events from regional redis (#7352)
2024-04-11 18:24:34 +00:00
console
Read cplane events from regional redis (#7352)
2024-04-11 18:24:34 +00:00
context
proxy: replace prometheus with measured (#6717)
2024-04-11 16:26:01 +00:00
http
proxy: replace prometheus with measured (#6717)
2024-04-11 16:26:01 +00:00
proxy
proxy: Exclude private ip errors from recorded metrics (#7389)
2024-04-15 20:21:50 +02:00
rate_limiter
proxy: rate limit authentication by masked IPv6. (#7316)
2024-04-16 14:16:34 +00:00
redis
Read cplane events from regional redis (#7352)
2024-04-11 18:24:34 +00:00
sasl
channel binding (#5683)
2023-11-27 21:45:15 +00:00
scram
add authentication rate limiting (#6865)
2024-03-26 19:31:19 +00:00
serverless
proxy: rate limit authentication by masked IPv6. (#7316)
2024-04-16 14:16:34 +00:00
auth.rs
proxy: include client IP in ip deny message (#6854)
2024-02-21 18:24:59 +01:00
cache.rs
Read cplane events from regional redis (#7352)
2024-04-11 18:24:34 +00:00
cancellation.rs
proxy: replace prometheus with measured (#6717)
2024-04-11 16:26:01 +00:00
compute.rs
proxy: replace prometheus with measured (#6717)
2024-04-11 16:26:01 +00:00
config.rs
proxy: rate limit authentication by masked IPv6. (#7316)
2024-04-16 14:16:34 +00:00
console.rs
proxy: unit tests for auth_quirks (#7199)
2024-03-22 13:31:10 +00:00
context.rs
proxy: Exclude private ip errors from recorded metrics (#7389)
2024-04-15 20:21:50 +02:00
error.rs
proxy: replace prometheus with measured (#6717)
2024-04-11 16:26:01 +00:00
http.rs
proxy: replace prometheus with measured (#6717)
2024-04-11 16:26:01 +00:00
intern.rs
Read cplane events from regional redis (#7352)
2024-04-11 18:24:34 +00:00
jemalloc.rs
proxy: replace prometheus with measured (#6717)
2024-04-11 16:26:01 +00:00
lib.rs
Read cplane events from regional redis (#7352)
2024-04-11 18:24:34 +00:00
logging.rs
fix: no more ansi colored logs (#4613)
2023-07-03 16:37:02 +03:00
metrics.rs
Read cplane events from regional redis (#7352)
2024-04-11 18:24:34 +00:00
parse.rs
proxy: remove unsafe (#5805)
2023-11-06 17:44:44 +00:00
protocol2.rs
proxy: hyper1 for only proxy (#7073)
2024-04-10 08:23:59 +00:00
proxy.rs
proxy: Exclude private ip errors from recorded metrics (#7389)
2024-04-15 20:21:50 +02:00
rate_limiter.rs
proxy: rate limit authentication by masked IPv6. (#7316)
2024-04-16 14:16:34 +00:00
redis.rs
proxy: connect redis with AWS IAM (#7189)
2024-03-22 09:38:04 +01:00
sasl.rs
proxy: simplify password validation (#7188)
2024-03-21 13:54:06 +00:00
scram.rs
proxy: simplify password validation (#7188)
2024-03-21 13:54:06 +00:00
serverless.rs
proxy: Exclude private ip errors from recorded metrics (#7389)
2024-04-15 20:21:50 +02:00
stream.rs
proxy: Exclude private ip errors from recorded metrics (#7389)
2024-04-15 20:21:50 +02:00
url.rs
[proxy] Pass extra parameters to the console (#2467)
2022-09-21 21:42:47 +03:00
usage_metrics.rs
proxy: report metrics based on cold start info (#7324)
2024-04-05 16:14:50 +01:00
waiters.rs
Fix 1.62 Clippy errors
2022-07-04 23:46:37 +03:00