-
-
Notifications
You must be signed in to change notification settings - Fork 15
Integrating with Osprey
We host our own proxy server at https://api.osprey.ac that forwards Osprey's lookup requests to your endpoint. The proxy server can also automatically download, update, and query lookup requests against a local threat intelligence feed, if needed.
Our proxy server takes in URLs from clients running Osprey like so using application/json:
{"url": "https://example.com"}It then applies IP-level rate-limits, parses and validates the request, and normalizes the URL. If everything checks out, the proxy server makes a request to your endpoint, validates the response it receives, and returns a normalized application/json output that the Osprey client can read, which looks like this:
{"result": "malicious"}No authentication keys are displayed, no logs are written to disk, and no user IP addresses are sent to your endpoint. Every request to your endpoint comes from our VPS in New York, NY, so keep that in mind for your endpoint's rate-limiting framework. Source code for our proxy server can be found here.
Osprey requires your API or DNS server to:
- Support at least 40 req/sec (peak burst) from Osprey's proxy server
- Support at least 2,000 req/min sustained from Osprey's proxy server
- Provide verdicts on the safety of URLs (malicious, phishing, etc.)
- Respond synchronously over HTTPS with a verdict per URL
- Avoid blocking links to advertisements or trackers
We support the following formats:
application/jsondns/jsondns/message
For local filtering lists, we support the following formats:
-
text(including hosts file format) json
For support or queries, please open an issue in the Issues section.