Open Corbie-42 opened 7 months ago
A solution that is already working would be to configure some kind of access token in the path, because that is part encrypted:
```toml
[[trigger.http]]
route = "/5F7B50F5FB6E54EDE826199887FBB972/cart/checkout"
environment = { TOKEN = "5F7B50F5FB6E54EDE826199887FBB972" }
```
This has some downsides:
- `TOKEN`, when handling requests
- `TOKEN` appears in the logs:
```json
{
...
"spin-matched-route": "/5F7B50F5FB6E54EDE826199887FBB972/cart/checkout",
...
"spin-raw-component-route": "/5F7B50F5FB6E54EDE826199887FBB972/cart/checkout",
"spin-component-route": "/5F7B50F5FB6E54EDE826199887FBB972/cart/checkout"
}
```
Nevertheless, from a security/billing standpoint, this might be a first workaround.
The request execution in the Fermyon Cloud is limited. E.g. the starter plan includes 100,000 requests per month and the request execution limit is 1,000 requests per second (see FAQ: Quota Limits).
So if an attacker knew the URL of the app, they could send 1,000 requests over 100 seconds and the limit is exceeded.
Now I could try to prevent that from happening, e.g. by using an API gateway that only forwards authorized requests. This is never a bad idea, but only partly solves the issue. Even with TLS, the host name of the app is exposed, so in the part `example-app-sdgryh1.fermyon.app` is transferred unencrypted. So any man-in-the-middle (or potentially next to it) knows where the request was sent to and therefore can easily take down my app in 100 seconds with simple GET requests.

So is there any way to prohibit unauthorized requests, if someone knows the URL of my app?
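
The path-token workaround from the post, sketched as an added example that is not part of the original post or of Spin itself: the leading path segment is compared with the configured token in constant time, and the token is masked in the three route headers before they are logged. The function names are hypothetical, the header names come from the log excerpt above, and it assumes the logging is done by the component itself.

```python
import hmac

# Header names taken from the log excerpt in the post.
ROUTE_HEADERS = (
    "spin-matched-route",
    "spin-raw-component-route",
    "spin-component-route",
)
# Sample value, identical to the one shown in the post's manifest.
TOKEN = "5F7B50F5FB6E54EDE826199887FBB972"


def split_token(path):
    """Return (first_segment, rest) for a path such as /<token>/cart/checkout."""
    first, _, rest = path.lstrip("/").partition("/")
    return first, "/" + rest


def is_authorized(path, expected_token):
    """Compare the leading path segment with the token in constant time."""
    candidate, _ = split_token(path)
    return hmac.compare_digest(candidate.encode(), expected_token.encode())


def redact_for_logging(headers, expected_token):
    """Return a copy of headers with the token masked in every route header."""
    safe = dict(headers)
    for name in ROUTE_HEADERS:
        if name in safe:
            safe[name] = safe[name].replace(expected_token, "[REDACTED]")
    return safe


if __name__ == "__main__":
    # Constructed request headers mirroring the log excerpt.
    sample = {name: f"/{TOKEN}/cart/checkout" for name in ROUTE_HEADERS}
    print(is_authorized(sample["spin-matched-route"], TOKEN))
    print(redact_for_logging(sample, TOKEN))
```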