# community-help
k
Hey @Jason Bosco weird question, we’re trying to validate how effective the client-side search adapter is against enumeration attacks; the question is, is it possible to whitelist domains/IPs?
j
@Keith Petrillo For enumeration attacks specifically, you can use the limit_hits search parameter embedded in a scoped search API Key to limit the total number of records that can be fetched with that API key
k
Is that done when the API key is created or client side?
j
When the API key is created
k
Interesting, okay, we’ll give that a test on the new cluster. Thanks!
j
We don't track IPs / domains, so we don't have a way to block based on that. If you need IP-based blocking, I'd recommend setting up something like Cloudflare (free) in front of your Typesense endpoints and using the Cloudflare domains from the client side. So, for example:
ts1.yourdomain.com -> xxx-1.a1.typesense.net
ts2.yourdomain.com -> xxx-2.a1.typesense.net
ts3.yourdomain.com -> xxx-3.a1.typesense.net
Where tsx.yourdomain.com is hosted on Cloudflare and set to proxy to Typesense.
k
Yeah, that’s actually what we’re talking about right this second haha
That’s a great example though
j
And as a bonus you get DDoS protection!
k
Yeah, exactly
We have Cloudflare Business so we can even go further than that and use Workers to hide the API key
j
Very interesting! Thank you for sharing. I'll start recommending this approach to others in the future.