diff options
| author | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-14 13:40:20 +0000 |
|---|---|---|
| committer | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-14 13:40:20 +0000 |
| commit | 2821578202d1313c23c30a5dbae39548822e3c55 (patch) | |
| tree | cbe4d2447312b7bc7653bef874b6fb23d60a0ede /README.md | |
| parent | 50000cd9d47681390c3c45feef98fe51c7b79a0f (diff) | |
docs: add defensive measures explanation
Add comprehensive documentation explaining the defensive features
implemented in ngit-grasp. The detailed analysis of other relay
implementations is now preserved in commit history (e3792b9).
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 42 |
1 files changed, 42 insertions, 0 deletions
| @@ -237,6 +237,48 @@ NGIT_EVENT_BLACKLIST=npub1spam1...,npub1spam2... | |||
| 237 | 237 | ||
| 238 | **See**: [Configuration Reference](docs/reference/configuration.md) for complete details | 238 | **See**: [Configuration Reference](docs/reference/configuration.md) for complete details |
| 239 | 239 | ||
| 240 | ## Defensive Measures & Rate Limiting | ||
| 241 | |||
| 242 | ngit-grasp implements multiple layers of defense against abuse, spam, and denial-of-service attacks: | ||
| 243 | |||
| 244 | **Per-Connection Rate Limits:** | ||
| 245 | - Max 500 concurrent subscriptions per connection | ||
| 246 | - Max 60 events published per minute per connection | ||
| 247 | - Built-in to rust-nostr relay-builder | ||
| 248 | |||
| 249 | **Per-IP Connection Monitoring:** | ||
| 250 | - Tracks connections per IP address (default threshold: 10) | ||
| 251 | - Flags potential abusers in logs and metrics | ||
| 252 | - **Does NOT enforce limits** (monitoring only) | ||
| 253 | - Privacy-preserving (IP addresses never exposed in Prometheus) | ||
| 254 | |||
| 255 | **Content Filtering (Blacklists/Whitelists):** | ||
| 256 | - **Event blacklist** - Block ALL events from specific authors (npubs) | ||
| 257 | - **Repository blacklist** - Block specific repositories/developers/identifiers | ||
| 258 | - **Repository whitelist** - Curate which repositories are accepted (GRASP-01 mode) | ||
| 259 | - **Archive whitelist** - Mirror specific repositories (GRASP-05 mode) | ||
| 260 | - See [Curation & Moderation](#curation--moderation) section above for details | ||
| 261 | |||
| 262 | **Relay Sync Protection (GRASP-02):** | ||
| 263 | - **Exponential backoff** - Failed connections: 5s → 10s → 20s → ... → 1 hour max | ||
| 264 | - **Naughty list** - Track relays with infrastructure issues separately (12h expiry) | ||
| 265 | - **Rate limit detection** - Auto 65s cooldown when remote relays rate limit us | ||
| 266 | - **Domain throttling** - Max 5 concurrent, 30/min per domain for git data fetching | ||
| 267 | |||
| 268 | **Event Validation:** | ||
| 269 | - Strict GRASP-01 protocol validation via WritePolicy plugin system | ||
| 270 | - Extensible for custom validation logic (has access to client IP address) | ||
| 271 | |||
| 272 | **Total Connection Limit:** | ||
| 273 | - Max 500 total connections (configurable via `NGIT_MAX_CONNECTIONS`) | ||
| 274 | - Prevents connection exhaustion DoS attacks | ||
| 275 | |||
| 276 | **Not Implemented:** | ||
| 277 | - Per-IP connection limits (only monitored, not enforced) | ||
| 278 | - Per-IP event rate limits (tracked per connection, not per IP) | ||
| 279 | |||
| 280 | **See**: [Defensive Measures](docs/explanation/defensive-measures.md) for complete details and future enhancements. | ||
| 281 | |||
| 240 | ## Roadmap | 282 | ## Roadmap |
| 241 | 283 | ||
| 242 | ### GRASP-02 Enhancements | 284 | ### GRASP-02 Enhancements |