#community-help

DDoS Protection for Typesense Cloud using Cloudflare

TLDR Nikhil requested a feature to restrict Typesense Cloud hostname/IP access, with only Cloudflare access allowed. Jason acknowledged and stated that IP-based restriction is planned.

Powered by Struct AI

1

Jul 28, 2023 (4 months ago)
Nikhil
Photo of md5-07cb09a4ed26d997ee7f71d5f2a017e0
Nikhil
07:15 PM
With reference to https://typesense.org/docs/guide/data-access-control.html#ddos-protection for DDoS protection in Typesense Cloud, is there a way to restrict access to the typesense node's individual hostname/IP? Ideally it should only be possible to access typesense node via cloudflare.
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
07:25 PM
This is not possible to do at the moment, but if you turn on proxy mode in Cloudflare DNS, then the Typesense Cloud origin hostnames or IP address will not be publicly visible, since Cloudflare will act as a proxy
Nikhil
Photo of md5-07cb09a4ed26d997ee7f71d5f2a017e0
Nikhil
07:46 PM
Thanks Jason. Please consider the above as a feature request. From a security perspective, it would be great to be able to restrict the node access. Just giving the option for only allowing cloudflare IPs would suffice for most cases.
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
07:48 PM
Yup, IP-based restriction is on the roadmap.

1