Stellate Product Updates

Announcement
a year ago

Query depth limiting

Today, we're excited to introduce our first (of hopefully many!) highly requested security feature.

One of the most common attacks against GraphQL APIs is sending deeply nested queries to overload the server and/or database. For example, imagine a CMS with a Post type that has Comments, where each Comment links back to its Post:

query maliciousQuery {
  allPosts {
    comments {
      post {
        comments {
          post {
            comments {
              post {
                # ...repeat times 10000...
              }
            }
          }
        }
      }
    }
  }
}

DataLoader can prevent some of these queries from taking up too many server resources, but not all of them.

As of today, GraphCDN analyses incoming queries and blocks them if they are nested too deeply. Since GraphCDN sits at the edge, your origin server will never have to deal with these malicious queries!
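To illustrate the kind of check described above, here is an added example of a depth limiter in JavaScript; it is not GraphCDN's or Stellate's code. The names `queryDepth`, `isAllowed` and `nestedPostsQuery` and the counting rule are assumptions, and it goes beyond the query shown above by also expanding fragment spreads and ignoring braces in strings, comments and arguments, which a naive brace counter gets wrong.

```javascript
// Added example, not Stellate's code. Assumed rule: depth = nested selection sets
// ({ ... }) on the deepest path, with fragment spreads expanded.
const TOKEN = /#[^\n]*|"""(?:\\"""|[\s\S])*?"""|"(?:\\.|[^"\\\n])*"|\.\.\.|[{}()]|@?[_A-Za-z]\w*/g;
function scanDefinitions(source) {
  // One left-to-right pass, so braces inside comments and strings are never counted.
  const tokens = (source.match(TOKEN) || []).filter(t => t[0] !== '#' && t[0] !== '"');
  const defs = [];
  let cur = null, level = 0, parens = 0, header = [];
  tokens.forEach((t, i) => {
    if (t === '(') parens++;
    else if (t === ')') parens--;
    else if (parens > 0) return; // input objects inside arguments are not selections
    else if (t === '{') {
      if (level++ === 0)
        defs.push(cur = { name: header[0] === 'fragment' ? header[1] : null, own: 0, spreads: [] });
      cur.own = Math.max(cur.own, level);
    } else if (t === '}') {
      if (--level < 0) throw new SyntaxError('unbalanced braces');
      if (level === 0) header = [];
    } else if (level === 0) header.push(t); // operation or fragment header words
    else if (t === '...' && /^(?!on$)[_A-Za-z]/.test(tokens[i + 1] || ''))
      cur.spreads.push({ name: tokens[i + 1], level });
  });
  if (level !== 0) throw new SyntaxError('unbalanced braces');
  return defs;
}

function queryDepth(source) {
  const defs = scanDefinitions(source);
  const frags = new Map(defs.filter(d => d.name).map(d => [d.name, d]));
  const memo = new Map(); // each fragment is resolved once, however often it is spread
  const depthOf = (def, stack) => {
    if (memo.has(def)) return memo.get(def);
    if (stack.has(def)) return Infinity; // fragment cycle: invalid, treat as unbounded
    stack.add(def);
    let depth = def.own;
    for (const s of def.spreads) {
      const f = frags.get(s.name);
      if (f) depth = Math.max(depth, s.level - 1 + depthOf(f, stack));
    }
    stack.delete(def);
    memo.set(def, depth);
    return depth;
  };
  return Math.max(0, ...defs.filter(d => !d.name).map(d => depthOf(d, new Set())));
}
const isAllowed = (source, maxDepth) => queryDepth(source) <= maxDepth;
// Constructed sample: the Post/Comments cycle from the query above, repeated n times.
const nestedPostsQuery = n => `query q { allPosts { ${'comments { post { '.repeat(n)}id${' } }'.repeat(n)} } }`;
```

A caller should treat a thrown `SyntaxError` the same as an over-limit result and reject the request before it reaches the origin.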

You can configure your service's query depth limiting on the "Security" tab of the dashboard.


Marko Locher