#community-help

DDoS Protection for Typesense Cloud using Cloudflare

TLDR Nikhil requested a feature to restrict Typesense Cloud hostname/IP access, with only Cloudflare access allowed. Jason acknowledged and stated that IP-based restriction is planned.

4mo

Join the chat

Jul 28, 2023 (4 months ago)

Photo of md5-07cb09a4ed26d997ee7f71d5f2a017e0

Nikhil

07:15 PM

With reference to https://typesense.org/docs/guide/data-access-control.html#ddos-protection for DDoS protection in Typesense Cloud, is there a way to restrict access to the typesense node's individual hostname/IP? Ideally it should only be possible to access typesense node via cloudflare.

Photo of md5-8813087cccc512313602b6d9f9ece19f

Jason

07:25 PM

This is not possible to do at the moment, but if you turn on proxy mode in Cloudflare DNS, then the Typesense Cloud origin hostnames or IP address will not be publicly visible, since Cloudflare will act as a proxy

Nikhil

07:46 PM

Thanks Jason. Please consider the above as a feature request. From a security perspective, it would be great to be able to restrict the node access. Just giving the option for only allowing cloudflare IPs would suffice for most cases.

Jason

07:48 PM

Yup, IP-based restriction is on the roadmap.

Typesense

Lightning-fast, open source search engine for everyone | Knowledge Base powered by Struct.AI

Indexed 3015 threads (79% resolved)

Join Our Community

Similar Threads

Monthly Cloud Product Billing and Usage Concerns

gab asked about monthly billing, usage restrictions, and potential security for the Typesense Cloud product. Kishore Nallan and Jason addressed these concerns, detailing how to control usage limits, avoid potential overcharges and suggested using Cloudflare DNS CNAMEs for DDOS protection. Bruno advised to use paging.

30mo

Validating Client Side Search Adapter Effectiveness and Tips

Keith asked Jason about enumeration attacks and IP blocking. Jason suggested using Cloudflare for IP-blocking, using limited API keys, and shared a method to proxy through Cloudflare to Typesense. Keith also shared a resource about Cloudflare workers.

23mo

Protecting Typesense Queries from DOS Attacks

Juri sought advice on securing typesense queries. Jason suggested use of Cloudflare for DOS attack protection and explained how to create user-specific API keys for data authorization. Ricardo endorsed Cloudflare for protection.

33mo