Deploy: StackPath’s web application firewall to protect your Solana RPC

web3 security

How WAF can protect your RPC

Typical Web2.0 deployment of WAF

Overview of WAF + RPC Architecture

RPC protected by SP// WAF

Setup: WAF on the StackPath Portal

As configured, this rule allows 50 requests from an IP address in a 3-minute period and blocks any further requests from an IP address that has made more than 50 requests within that period. After the 3 minutes are up, the counter resets.

Setup: WAF on your RPC

In StackPath’s Solana portal I’ve opened up 8000-8020 for TCP/UDP for Solana and 8080–8081 for the RPC.
curl --request GET \
  --url 'https://gateway.stackpath.com/cdn/v1/ips?response_type=PLAIN_TEXT' \
  --header 'Authorization: Bearer yourtokenhere'

#!/bin/bash
# Allow each StackPath edge IP listed in stackpathiplist.txt to reach the RPC port
for i in $(cat stackpathiplist.txt);
do
    sudo ufw allow from "$i" to any port 8080
done
# Solana dynamic port range
sudo ufw allow 8000:8020/udp
# Keep SSH reachable
sudo ufw allow ssh

--rpc-port 8080 // The RPC port should be configured to 8080
--dynamic-port-range 8000-8020 // There is flexibility here, but it should match the ports you allowed in UFW and the infrastructure provider's network policies
--public-rpc-address 0.0.0.0:0000 // I noticed when you use this as your public IP address it shows the RPC public address as "None" in Gossip even without the --private-rpc flag enabled
--no-port-check // Otherwise it will attempt to check 0.0.0.0:8080 and cause an error
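
The ufw loop above passes whatever the API returned straight to `sudo ufw`, so an expired token or an error page would end up as firewall input. The following is an added example, not code from the original article: it validates every line as an IPv4 address or CIDR block and prints the ufw commands for review only if the whole list passes. The function names, the `MIN_PREFIX` policy value, the one-entry-per-line IPv4 format and the sample addresses are assumptions.

```shell
#!/bin/bash
# Added example: vet the downloaded edge IP list before it becomes ufw rules.
# Assumption: one IPv4 address or CIDR block per line (IPv6 lines are rejected).
MIN_PREFIX=8   # assumed policy: refuse ranges broader than /8 (e.g. 0.0.0.0/0)

# Succeeds only for a well-formed IPv4 address or CIDR block, no leading zeros.
is_ipv4_cidr() {
    entry=$1; addr=${entry%%/*}; prefix=32
    case $entry in */*) prefix=${entry#*/} ;; esac
    case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*) return 1 ;; esac
    rest="${addr}."; count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Prints one ufw command per entry, or nothing (exit 1) if any line is
# malformed, so an API error body never turns into partial firewall state.
ufw_rules_from_list() {
    rules=''; rejected=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')   # tolerate CRLF line endings
        [ -n "$line" ] || continue
        if is_ipv4_cidr "$line"; then
            # proto tcp is an added tightening: the RPC is served over HTTP
            rules="${rules}ufw allow proto tcp from ${line} to any port $2
"
        else
            printf 'rejected: %s\n' "$line" >&2; rejected=$((rejected + 1))
        fi
    done < "$1"
    [ "$rejected" -eq 0 ] || return 1
    printf '%s' "$rules"
}

# Constructed sample list (documentation address ranges), not real StackPath data.
sample_list() {
    printf '%s\n' '192.0.2.0/24' '198.51.100.7' '203.0.113.128/25'
}

list=$(mktemp); sample_list > "$list"
ufw_rules_from_list "$list" 8080   # prints the rules only; nothing is applied
rm -f "$list"
```

In practice, point `ufw_rules_from_list` at `stackpathiplist.txt` and run the printed commands with sudo only after reviewing them.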

Testing

❤ vscode
My home IP address redacted.
Personal information redacted.
