#community-help

Validating Client Side Search Adapter Effectiveness and Tips

TLDR Keith asked Jason about enumeration attacks and IP blocking. Jason suggested using Cloudflare for IP-blocking, using limited API keys, and shared a method to proxy through Cloudflare to Typesense. Keith also shared a resource about Cloudflare workers.

19mo

Join the chat

Feb 04, 2022 (19 months ago)

Photo of md5-49c23d5dc46241ca1af5233658633765

Keith

04:42 PM

Hey Jason weird question, we’re trying to validate how effective the client side search adapter is against enumeration attacks; question is it possible to white list domains/ip?

Photo of md5-8813087cccc512313602b6d9f9ece19f

Jason

04:49 PM

Keith For enumeration attacks specifically, you can use the limit_hits search parameter embedded in a scoped search API Key to limit the total number of records that can be fetched with that API key

Keith

04:50 PM

Is that done when the API key is created or client side?

Jason

04:50 PM

When the API key is created

Keith

04:51 PM

Interesting, okay, we’ll give that a test on the new cluster. Thanks!

Jason

04:51 PM

We don't track IPs / domains, so we don't have a way to block based on that. If you need IP-based blocking, I'd recommend setting up something like Cloudflare (free) in front of your Typesense endpoints and use the Cloudflare domains from the client-side.

So for eg:

ts1.yourdomain.com -> xxx-1.a1.typesense.net
ts2.yourdomain.com -> xxx-2.a1.typesense.net
ts3.yourdomain.com -> xxx-3.a1.typesense.net

Where tsx.yourdomain.com is hosted on Cloudflare and set to proxy to Typesense

Keith

04:52 PM

Yea that’s actually what we’re talking about right this second haha

04:52

Keith

04:52 PM

That’s a great example though

Jason

04:53 PM

And as a bonus you get DDOS protection!

Keith

04:55 PM

YEa exactly

04:56

Keith

04:56 PM

We have Cloudflare Business so we can even go further than that and use Workers to hide the API key

04:56

Keith

04:56 PM

https://gomakethings.com/how-to-create-a-middleman-api-with-cloudflare-workers-and-vanilla-js/

Jason

04:58 PM

Very interesting! Thank you for sharing. I'll start recommending this approach to others in the future.

Typesense

Lightning-fast, open source search engine for everyone | Knowledge Base powered by Struct.AI

Indexed 2764 threads (79% resolved)

Join Our Community Manage subscription

Similar Threads

Protecting Typesense Queries from DOS Attacks

Juri sought advice on securing typesense queries. Jason suggested use of Cloudflare for DOS attack protection and explained how to create user-specific API keys for data authorization. Ricardo endorsed Cloudflare for protection.

28mo

Monthly Cloud Product Billing and Usage Concerns

gab asked about monthly billing, usage restrictions, and potential security for the Typesense Cloud product. Kishore Nallan and Jason addressed these concerns, detailing how to control usage limits, avoid potential overcharges and suggested using Cloudflare DNS CNAMEs for DDOS protection. Bruno advised to use paging.

25mo

Understanding and Implementing Typesense Dart Library with Flutter

Alexandro sought help with the Typesense Dart library. Jason explained that the library is in progress, discussed utilizing other HTTP libraries, and provided detailed instructions on utilizing Typesense with Flutter. Alexandro provided feedback on the Typesense UI and expressed interest in creating a tutorial video.

28mo

Connection Refused Issue with Typesense and Nginx Reverse Proxy

Karthik experiences a connection refused problem with Typesense and Nginx reverse proxy. Jason helps troubleshoot, but the issue remains unresolved.

6mo

Discussing Typesense Cloud's SSDs, NVMe, and Resources Needed

A asked about Typesense's storage type and configuration possibilities. Jason shared that they use SSDs and suggested NVMe SSDs for high-availability instances. They discussed server resources needed for specific user cases and briefly touched on DDoS protection via Cloudflare.

26mo