Closed zemyblue closed 1 year ago
How about setting the default max_request_batch_request
as 10?
https://github.com/Finschia/ostracon/blob/4cb2f6eb5d38d559b7d6a227cd583ca84eb24f87/config/config.go#L446-L446 I think we should check if using MaxBodyBytes is enough.
Summary
jsonrpc 2.0 batch request limits required
Problem Definition
DDoS attach is possible by requesting multiple queries in one request through jsonrpc 2.0 batch request method. So I think it's nice to control the jsonrpc 2.0 batch request limitation.
Proposal
JSONRPC2.0 only be handled in Ostracon's RPS server using 26657 port. And batch requests are performed in the following codes. https://github.com/Finschia/ostracon/blob/4127ae7c6ac80fac48b2132401ef52431ffc67cd/rpc/jsonrpc/server/http_json_handler.go#L58-L103 So we can control the requests size if we add a limitation feature in Octracon and config.toml for example the
max_request_batch_request
.For Admin Use