What it is
Starproxy is a fully HTTP compliant proxy that is designed to sit between clients and a Trino/Starburst cluster. The motivation for developing a solution like this is laid out in some prior art below:
The most attractive items to us are probably:
- Enabling host based security
- Detecting "bad" queries and blocking/deprioritizing them with custom rules
- Load balancing across regions
How it works
First and foremost, starproxy is an http proxy implemented in rust using a combination of axum/hyper.
Parse the query AST, then check a variety of rules:
- inbound CIDR rule checking
- checking for predicates in queries
- identifying select * queries with no limit, among other rules
If rules are violated they can be associated with actions, like tagging the query as low priority. This is done by modifying the request headers and injecting special tags. Rules can also outright block requests by returning error status codes to the client directly.