Reject unsafe targets
Block local, private, reserved, metadata, unsafe-protocol, credential-bearing, and unsafe-port destinations.
API abuse prevention
ThrottleProxy combines workspace authentication, precise allowlists, private-network blocking, pinned DNS results, safe ports, credential stripping, exact key lookup, and bounded resource use. These controls reduce abuse risk; they do not replace network-edge protection.
Practical boundaries
Block local, private, reserved, metadata, unsafe-protocol, credential-bearing, and unsafe-port destinations.
Use the validated public address while preserving TLS verification, SNI, and the intended Host.
Plain patterns match exactly and wildcards match one subdomain level only.
Use a hash and one exact Redis lookup for every presented proxy key.
Enforce per-target, key, workspace, and global queue or concurrency limits with Redis scripts.
Count request and response bytes and enforce idle plus absolute upstream deadlines.
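The target checks listed above (protocol, embedded credentials, port, allowlist pattern, and DNS answer) can be sketched as one validation step. This is an added example, not ThrottleProxy's own code: the function names, the `SAFE_PORTS` set, and the convention of passing in already-resolved addresses are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy values for illustration; the page does not list the real ones.
DEFAULT_PORTS = {"http": 80, "https": 443}
SAFE_PORTS = {80, 443}

def host_allowed(host, patterns):
    """Plain patterns match exactly; '*.example.com' matches one label only."""
    host = host.lower().rstrip(".")
    for pattern in (p.lower() for p in patterns):
        if pattern.startswith("*."):
            label, _, parent = host.partition(".")
            if label and parent == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False

def is_public(address):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(address)
    ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
    return ip.is_global and not ip.is_multicast

def validate_target(url, patterns, resolved):
    """Return (host, port, pinned_ip) or raise ValueError.

    `resolved` holds the DNS answers for the host (looked up by the caller),
    so the connection can be made to the exact address that was checked.
    """
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("unsafe protocol")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL")
    host = (parts.hostname or "").rstrip(".")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
    if port not in SAFE_PORTS:
        raise ValueError("unsafe port")
    if not host_allowed(host, patterns):
        raise ValueError("host not on allowlist")
    # One unsafe answer rejects the whole set, so a mixed reply cannot pass.
    if not resolved or not all(is_public(a) for a in resolved):
        raise ValueError("unsafe DNS answer")
    return host, port, resolved[0]
```

The caller connects to the returned address while still sending the original hostname for SNI, certificate verification, and the Host header.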
No. Local names, private and reserved ranges, metadata addresses, and unsafe DNS answers are rejected.
Request and response limits count streamed bytes rather than trusting Content-Length alone.
No. Per-IP edge limits, network-level slow-client mitigation, and broader abuse telemetry remain separate infrastructure work.
Use one workspace key, one exact public host, and non-sensitive test traffic.