Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

graphql: add query timeout to prevent dos attack #26116

Merged
merged 1 commit into from
Nov 8, 2022
Merged

graphql: add query timeout to prevent dos attack #26116

merged 1 commit into from
Nov 8, 2022

Conversation

ahmetavc
Copy link
Contributor

@ahmetavc ahmetavc commented Nov 5, 2022

#26026 as its proposed in this issue, I added the timeout

@ahmetavc ahmetavc requested review from gballet and s1na as code owners November 5, 2022 09:44
@ahmetavc ahmetavc mentioned this pull request Nov 5, 2022
Closed
holiman
holiman approved these changes Nov 5, 2022
View reviewed changes
Copy link
Contributor

@holiman holiman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but I wonder if 60s isn't a bit too lenient.

@Shiti
Copy link

Shiti commented Nov 5, 2022

We use graphql queries to fetch block and transaction data in bulk. The range of blocks we are able to fetch is between 100-1000. But the response time varies on the data size. Would it be possible to make this configurable ?

@ahmetavc ahmetavc closed this Nov 5, 2022
@ahmetavc ahmetavc reopened this Nov 5, 2022
@ahmetavc
Copy link
Contributor Author

ahmetavc commented Nov 5, 2022

We use graphql queries to fetch block and transaction data in bulk. The range of blocks we are able to fetch is between 100-1000. But the response time varies on the data size. Would it be possible to make this configurable ?

If the number of connections are not creating any problems, instead of making it configurable and failing fast, setting the limit according to max range would work fine imo.

@orangeagain
Copy link

orangeagain commented Nov 6, 2022
edited
Loading

Is it possible make this configurable/ add a start parameter? like geth --querytimeout=2000ms

@fjl
Copy link
Contributor

fjl commented Nov 6, 2022

Scaling the timeout with request size is not possible in the general case. It's also not what this timeout is for. We mainly want to prevent totally stuck queries with this timeout, so it can be long.

@fjl fjl changed the title eth/graphql: add timeout to graphql queries to prevent dos attack graphql: add query timeout to prevent dos attack Nov 6, 2022
s1na
s1na approved these changes Nov 8, 2022
View reviewed changes
Copy link
Contributor

@s1na s1na left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Error example:

{
  "errors": [
    {
      "message": "context deadline exceeded"
    }
  ]
}

@holiman holiman added this to the 1.11.0 milestone Nov 8, 2022
@holiman holiman merged commit ee9ff06 into ethereum:master Nov 8, 2022
@s1na
Copy link
Contributor

s1na commented Nov 8, 2022

Actually this also interacts with the RPC WriteTimeout. The error I posted above will never be returned to the user because connection will be severed at the 30 seconds mark (See #21430 and #25457). I still don't think there's a harm in adding a timeout to graphql, but the original issue was actually a non-issue and the timeout set here is too long.

@ahmetavc
Copy link
Contributor Author

ahmetavc commented Nov 8, 2022

So something between 20-30 sec should be good? @s1na

@s1na
Copy link
Contributor

s1na commented Nov 9, 2022

@ahmetavc Yes let's shoot for a bit under 30 sec.

@fjl
Copy link
Contributor

fjl commented Nov 10, 2022

Wait, so we apply the RPC WriteTimeout to GraphQL connections as well?

@s1na s1na mentioned this pull request Nov 29, 2022
Merged
shekhirin pushed a commit to shekhirin/go-ethereum that referenced this pull request Jun 6, 2023
@ahmetavc @shekhirin
graphql: add query timeout (ethereum#26116)
c564c89 
This PR adds a 60 second timeout to graphql queries.
@Doc-Pixel
Copy link

Question regarding the timeout: Can I disable this? I'm running large queries and get error messages like this:

requests.exceptions.ChunkedEncodingError: ('Connection broken: IncompleteRead(1197 bytes read, 851 more expected)', IncompleteRead(1197 bytes read, 851 more expected))

I tried several approaches with requests, httpx to talk to the graphql on geth.
Connected straight to the port as well as routing it through nginx. Seems geth is just chopping off data transfer.

Ideally you'd want to run a setup with a proper firewall config, and nginx or another webserver handling and limiting the traffic and timeouts for connections instead of exposing geth RPC / WSS directly to the internet. Hoping there's a parameter, read a through the issues here and the docs. Can't really figure out how to disable this.

@s1na
Copy link
Contributor

s1na commented Jan 15, 2024

@Doc-Pixel Please try adding the following to your config.toml file. This should increase the timeout to 60s.

[Node.HTTPTimeouts]
WriteTimeout = 60000000000

@Doc-Pixel
Copy link

Doc-Pixel commented Jan 17, 2024
edited
Loading

Thank you!
:-)
It's still giving the errors, gut feeling is that it is a little bit better.
I'm reducing the amount of blocks per call for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@s1na s1na s1na approved these changes

@holiman holiman holiman approved these changes

@gballet gballet Awaiting requested review from gballet

Assignees
No one assigned
Labels
status:triage
Projects
None yet
Milestone
1.11.0
Development

Successfully merging this pull request may close these issues.
8 participants
@ahmetavc @Shiti @orangeagain @fjl @s1na @Doc-Pixel @holiman @rjl493456442