Comments (8)
@dan-da, could you accept your invitation to join the @bisq-network GitHub organization? I'll assign you to this issue and add you to the @bisq-network/markets-maintainers team.
from bisq-markets.
Could this issue be closed at this time, or is it still an active problem?
from bisq-markets.
(no opinion on closing or not, sorry)
But I profit to say that, from my experience, atm 30 consecutive http requests is enough to have the IP blocked.
If it would be possible to have a bit more, that would be nice.
from bisq-markets.
@dan-da Could you jump in here?
from bisq-markets.
Present settings are that 30+ requests in 2 minutes will get your IP banned temporarily.
This was put in place to mitigate a ddos attack in early July and it performed well, with website responses going from unusable to quick.
That was before a caching improvement was deployed, so the server should be able to handle more load now.
That said, I don't yet see a compelling reason to raise the limit. All well-behaving API clients can rate limit to 4 secs between API requests.
An improvement would be to document minimum 4 secs between requests (30 reqs in 2 mins) at https://markets.bisq.network/api/
If the limit is causing any problems for browser sessions, no one has filed an issue for that since the limit was lowered.
from bisq-markets.
Thanks for the precisions @dan-da .
I used a timer, but with too small values which seemed to change nothing to the ban.
I'll do it with 4 secs if that makes it.
... I find however that going from 180 req/min to 15 req/min is a bit rude.
from bisq-markets.
I find however that going from 180 req/min to 15 req/min is a bit rude.
Agreed it is not ideal. Again though, it was put in place to mitigate a ddos attack that was killing the site. Bisq is quite limited on server resources so we have to make do within constraints.
This is the first comments I've seen about it since the limit was lowered.
At this point with the caching in place and current traffic I feel it could safely be raised to 60 reqs in 120 secs ( 2 secs per req ) and still withstand a ddos, if not too huge.
That said, hopefully traffic will continue increasing, so our present server resources will scale approx twice as far if we continue with the 4 secs. So I'm leaning towards keeping status quo for now.
Either way, I think the most important thing is to document the limit.
anyone want to weigh in on this before I make any change? any use cases that are seriously adversely impacted by a 4 sec limit? or has anyone heard complaints of browser sessions being banned?
from bisq-markets.
@dan-da , do you have access to the stats for https://markets.bisq.network/api/ frequentation ?
I would be curious to know how much it's used, and if it is growing or not ?
As for the 15 req/min limit, if increasing it puts a risk concerning DDOS, it's ok to let it as it is.
from bisq-markets.
Related Issues (17)
- Some API outputs don't support Cross-Origin Resource Sharing HOT 9
- markets.bisq.network is down HOT 2
- Currency List Outdated HOT 2
- Trading info for assets added in v0.9.0 not showing at all
- https://markets.bisq.network/ is often down those last days HOT 5
- Update live markets site to serve the contents of this repository
- If risq backend is unavailable, /api/volumes returns incorrect JSON data structure
- Drop Down Menu Does Not Update HOT 1
- Markets Onion down?
- Feature request: Privacy & https://market.bitsquare.io showing exact fiat value.
- Not showing offers and trades with Dash as base currency HOT 4
- Bitcoin Clashic (BCH) not showing up in markets webapp HOT 2
- Add payment method to trades endpoint in markets API HOT 8
- API content type is not json HOT 3
- Altcoins not showing up in API trades results HOT 2
- Bitcore (BTX) not showing up in markets HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bisq-markets.