push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f82d44164c8f7bb2372fa1a68ef31c34c5dd13d8
smartproxy/readme.plan.md
Juergen Kunz 2a4ed38f6b update logs
2025-07-03 02:54:56 +00:00

2.4 KiB
Raw Blame History

SmartProxy Connection Limiting Improvements Plan

Command to re-read CLAUDE.md: cat /home/philkunz/.claude/CLAUDE.md

Issues Identified

  1. HttpProxy Bypass: Connections forwarded to HttpProxy for TLS termination only check global limits, not per-IP limits
  2. Missing Route-Level Connection Enforcement: Routes can define security.maxConnections but it's never enforced
  3. Cleanup Queue Race Condition: New connections can be added to cleanup queue while processing
  4. IP Tracking Memory Optimization: IP entries remain in map even without active connections

Implementation Steps

1. Fix HttpProxy Per-IP Validation ✓

  • Pass IP information to HttpProxy when forwarding connections
  • Add per-IP validation in HttpProxy connection handler
  • Ensure connection tracking is consistent between SmartProxy and HttpProxy

2. Implement Route-Level Connection Limits ✓

  • Add connection count tracking per route in ConnectionManager
  • Update SharedSecurityManager.isAllowed() to check route-specific maxConnections
  • Add route connection limit validation in route-connection-handler.ts

3. Fix Cleanup Queue Race Condition ✓

  • Implement proper queue snapshotting before processing
  • Ensure new connections added during processing aren't missed
  • Add proper synchronization for cleanup operations

4. Optimize IP Tracking Memory Usage ✓

  • Add periodic cleanup for IPs with no active connections
  • Implement expiry for rate limit timestamps
  • Add memory-efficient data structures for IP tracking

5. Add Comprehensive Tests ✓

  • Test per-IP limits with HttpProxy forwarding
  • Test route-level connection limits
  • Test cleanup queue edge cases
  • Test memory usage with many unique IPs

6. Log Deduplication for High-Volume Scenarios ✓

  • Implement LogDeduplicator utility for batching similar events
  • Add deduplication for connection rejections, terminations, and cleanups
  • Include rejection reasons in IP rejection summaries
  • Provide aggregated summaries with meaningful context

Notes

  • All connection limiting is now consistent across SmartProxy and HttpProxy
  • Route-level limits provide additional granular control
  • Memory usage is optimized for high-traffic scenarios
  • Comprehensive test coverage ensures reliability
  • Log deduplication reduces spam during attacks or high-traffic periods
  • IP rejection summaries now include rejection reasons in main message