console/packages/services/police-worker at ca9411399c24c9dfe4dde8e4930fad1e69bde607 - Elgato_dark/console - Forgejo: Beyond coding. We Forge.

Elgato_dark/console

mirror of https://github.com/graphql-hive/console synced 2026-05-23 00:58:36 +00:00

History

Kamil Kisiela 79602c26d0 Explain logic in police worker (#248 )		2022-07-19 09:36:42 +02:00
..
src	Explain logic in police worker (#248 )	2022-07-19 09:36:42 +02:00
.gitignore	$ prettier <all> (#46 )	2022-05-24 16:31:53 +03:00
.npmignore	Hello	2022-05-18 09:26:57 +02:00
build.mjs	Hello	2022-05-18 09:26:57 +02:00
package.json	Hello	2022-05-18 09:26:57 +02:00
README.md	Hello	2022-05-18 09:26:57 +02:00
tsconfig.json	Hello	2022-05-18 09:26:57 +02:00

README.md

Hive Police Worker

Hive code, or Hive support teams can now create and maintain a list of rules that needs to be blocked on CF.
List of rules is defined in CloudFlare KV (as the K).
A CF Worker is running every X minutes (defined in Pulumi code), and syncs the records in KV into a CloudFlare WAF Rule.
When synced correctly, CF will make sure to block all matching requests and prevent traffic from getting to Hive servers.

You can also trigger the scheduled worker manually from CloudFlare dashboard if you need to speed things up.

Available Rules

Block missing/empty header: header:HEADER_NAME:empty
Block by header value: header:HEADER_NAME:SOME_VALUE (or, with method: header:HEADER_NAME:SOME_VALUE:POST, or with method and path: header:HEADER_NAME:SOME_VALUE:POST:/usage)
Block by IP: ip:123.123.123.123

Useful Links

CloudFlare List of KVs: https://dash.cloudflare.com/6d5bc18cd8d13babe7ed321adba3d8ae/workers/kv/namespaces (we use hive-police-ENV)
CF Expressions documentation: https://developers.cloudflare.com/ruleset-engine/rules-language/