Description
The public web content fetching service, accessible via https://r.jina.ai/{url}, carries a potential for misuse leading to service disruption on target websites. When an attacker's resource initiates a high volume of requests to the Jina endpoint, the actual task of fetching content from the target URL (e.g., https://news.google.com/) is executed by Jina's infrastructure. This fundamentally shifts the source IP address, meaning the target website observes a massive traffic spike originating solely from Jina's crawler network, thereby masking the true origin of the high-volume request from the attacker's system. For example, if automated processes repeatedly request https://r.jina.ai/https://news.google.com/, the victim's web defenses may detect the unusual spike from Jina's IPs and implement aggressive rate limiting against that entire range, unintentionally creating a denial-of-service situation for Jina's legitimate users seeking content from that domain.
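One mitigation on the fetching side, as an added example that is not part of the original issue and not code from the Jina project: bound outbound fetches per target host as well as per client, so the traffic a single origin sees from the crawler stays capped however many callers ask for it. The class names, the client identifier and the limits are hypothetical.

```typescript
// Added example: outbound fetch budgets for a URL-fetching proxy.
// All names and limits are hypothetical, not taken from the Jina code base.
type Bucket = { tokens: number; last: number };
type Decision = "fetch" | "reject_client" | "reject_target" | "bad_url";

class TokenBuckets {
  private buckets = new Map<string, Bucket>();
  private capacity: number;
  private refillPerSec: number;
  constructor(capacity: number, refillPerSec: number) { this.capacity = capacity; this.refillPerSec = refillPerSec; }

  // Take one token for `key` at time `nowMs`; false means the budget is spent.
  take(key: string, nowMs: number): boolean {
    const b = this.buckets.get(key) ?? { tokens: this.capacity, last: nowMs };
    const elapsedSec = Math.max(0, nowMs - b.last) / 1000;
    b.tokens = Math.min(this.capacity, b.tokens + elapsedSec * this.refillPerSec);
    b.last = nowMs;
    const ok = b.tokens >= 1;
    if (ok) b.tokens -= 1;
    this.buckets.set(key, b);
    return ok;
  }
}

// Extract the target host from a proxy path such as "/https://news.google.com/".
function targetHost(proxyPath: string): string | null {
  try {
    const u = new URL(proxyPath.replace(/^\//, ""));
    return u.protocol === "http:" || u.protocol === "https:" ? u.hostname.toLowerCase() : null;
  } catch {
    return null; // not a parseable absolute URL
  }
}

class FetchGate {
  // Constructed limits: burst 5 (refill 1/s) per client and host, burst 20 (refill 2/s) per host overall.
  private perClient = new TokenBuckets(5, 1);
  private perTarget = new TokenBuckets(20, 2);

  decide(clientId: string, proxyPath: string, nowMs: number): Decision {
    const host = targetHost(proxyPath);
    if (host === null) return "bad_url";
    // Per-client budget: one caller cannot spend the whole allowance for a host.
    if (!this.perClient.take(`${clientId}|${host}`, nowMs)) return "reject_client";
    // Per-target budget: caps what the origin sees from the crawler across all callers.
    if (!this.perTarget.take(host, nowMs)) return "reject_target";
    return "fetch";
  }
}
```

Requests rejected by the per-target budget can be answered from a cached copy of the page instead of an error, which keeps the service usable for that domain without adding load on the origin.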