Starburst/Trino Proxy

What it is

Starproxy is a fully HTTP compliant proxy that is designed to sit between clients and a Trino/Starburst cluster. The motivation for developing a solution like this is laid out in some prior art below:

• Facebook Engineering Blog - Static Analysis
• Strata Conference Talk
• Uber Case Study - Prism

The most attractive items to us are probably:

• Enabling host based security
• Detecting "bad" queries and blocking/deprioritizing them with custom rules
• Load balancing across regions

How it works

First and foremost, starproxy is an http proxy implemented in rust using a combination of axum/hyper.

1. Parse the query AST, then check a variety of rules:

   • inbound CIDR rule checking
   • checking for predicates in queries
   • identifying select * queries with no limit, among other rules

2. If rules are violated they can be associated with actions, like tagging the query as low priority. This is done by modifying the request headers and injecting special tags. Rules can also outright block requests by returning error status codes to the client directly.