2.0 KiB
2.0 KiB
SmartProxy Connection Limiting Improvements Plan
Command to re-read CLAUDE.md: cat /home/philkunz/.claude/CLAUDE.md
Issues Identified
- HttpProxy Bypass: Connections forwarded to HttpProxy for TLS termination only check global limits, not per-IP limits
- Missing Route-Level Connection Enforcement: Routes can define
security.maxConnectionsbut it's never enforced - Cleanup Queue Race Condition: New connections can be added to cleanup queue while processing
- IP Tracking Memory Optimization: IP entries remain in map even without active connections
Implementation Steps
1. Fix HttpProxy Per-IP Validation ✓
- Pass IP information to HttpProxy when forwarding connections
- Add per-IP validation in HttpProxy connection handler
- Ensure connection tracking is consistent between SmartProxy and HttpProxy
2. Implement Route-Level Connection Limits ✓
- Add connection count tracking per route in ConnectionManager
- Update SharedSecurityManager.isAllowed() to check route-specific maxConnections
- Add route connection limit validation in route-connection-handler.ts
3. Fix Cleanup Queue Race Condition ✓
- Implement proper queue snapshotting before processing
- Ensure new connections added during processing aren't missed
- Add proper synchronization for cleanup operations
4. Optimize IP Tracking Memory Usage ✓
- Add periodic cleanup for IPs with no active connections
- Implement expiry for rate limit timestamps
- Add memory-efficient data structures for IP tracking
5. Add Comprehensive Tests ✓
- Test per-IP limits with HttpProxy forwarding
- Test route-level connection limits
- Test cleanup queue edge cases
- Test memory usage with many unique IPs
Notes
- All connection limiting is now consistent across SmartProxy and HttpProxy
- Route-level limits provide additional granular control
- Memory usage is optimized for high-traffic scenarios
- Comprehensive test coverage ensures reliability