[gentoo-project] [Bugzilla] IP-based limits

[gentoo-project] [Bugzilla] IP-based limits

[Alec Warner]

[-- Attachment #1: Type: text/plain, Size: 602 bytes --]

Bugzilla now has connection limits per IP. I won't say what the limit is,
but if you are crawling bugzilla or using automated tools from a single
source IP you may hit the limit and receive 503's for requests over the
limit.

This may be a particular problem for users behind things like carrier grade
NAT (where many users are multiplexed through a single egress IP.) However
we have seen numerous slowdowns from bot traffic and this is a relatively
straightforward change to make on our end. If you believe you are being
unfairly limited / blocked, please reach out to infra@gentoo.org.

Thanks,

-A

[-- Attachment #2: Type: text/html, Size: 742 bytes --]

Re: [gentoo-project] [Bugzilla] IP-based limits

[Raymond Jennings]

[-- Attachment #1: Type: text/plain, Size: 927 bytes --]

On Wed, Aug 12, 2020 at 8:58 AM Alec Warner <antarus@gentoo.org> wrote:

> Bugzilla now has connection limits per IP. I won't say what the limit is,
> but if you are crawling bugzilla or using automated tools from a single
> source IP you may hit the limit and receive 503's for requests over the
> limit.
>

I haven't had a chance to test this for myself but do the 503 messages give
any indication as to the IP limit being WHY the 503's are being returned or
was this change made/option provided upstream by bugzilla's maintainers?

This may be a particular problem for users behind things like carrier grade
> NAT (where many users are multiplexed through a single egress IP.) However
> we have seen numerous slowdowns from bot traffic and this is a relatively
> straightforward change to make on our end. If you believe you are being
> unfairly limited / blocked, please reach out to infra@gentoo.org.
>
> Thanks,
>
> -A
>

[-- Attachment #2: Type: text/html, Size: 1487 bytes --]

Re: [gentoo-project] [Bugzilla] IP-based limits

[Tomas Mozes]

[-- Attachment #1: Type: text/plain, Size: 720 bytes --]

On Wednesday, August 12, 2020, Alec Warner <antarus@gentoo.org> wrote:
> Bugzilla now has connection limits per IP. I won't say what the limit is,
but if you are crawling bugzilla or using automated tools from a single
source IP you may hit the limit and receive 503's for requests over the
limit.
> This may be a particular problem for users behind things like carrier
grade NAT (where many users are multiplexed through a single egress IP.)
However we have seen numerous slowdowns from bot traffic and this is a
relatively straightforward change to make on our end. If you believe you
are being unfairly limited / blocked, please reach out to infra@gentoo.org.
> Thanks,
> -A

Wouldn't 429 be more appropriate?

Tomas

[-- Attachment #2: Type: text/html, Size: 861 bytes --]

Re: [gentoo-project] [Bugzilla] IP-based limits

[Raymond Jennings]

[-- Attachment #1: Type: text/plain, Size: 1151 bytes --]

On Wed, Aug 12, 2020 at 11:24 AM Tomas Mozes <hydrapolic@gmail.com> wrote:

> On Wednesday, August 12, 2020, Alec Warner <antarus@gentoo.org> wrote:
> > Bugzilla now has connection limits per IP. I won't say what the limit
> is, but if you are crawling bugzilla or using automated tools from a single
> source IP you may hit the limit and receive 503's for requests over the
> limit.
> > This may be a particular problem for users behind things like carrier
> grade NAT (where many users are multiplexed through a single egress IP.)
> However we have seen numerous slowdowns from bot traffic and this is a
> relatively straightforward change to make on our end. If you believe you
> are being unfairly limited / blocked, please reach out to infra@gentoo.org
> .
> > Thanks,
> > -A
>
> Wouldn't 429 be more appropriate?
>

I second the motion, a 5xx code implies that it's the server's fault and
iirc 503 means the server is unable to handle the request, which is
deceptive because an IP ratelimit is a deliberate choice on the point of
the server and if it refuses to fulfill a request due to client behavior
then it belongs in a 4xx code.

>
> Tomas

[-- Attachment #2: Type: text/html, Size: 1696 bytes --]

Re: [gentoo-project] [Bugzilla] IP-based limits

[Alec Warner]

[-- Attachment #1: Type: text/plain, Size: 883 bytes --]

On Wed, Aug 12, 2020 at 11:24 AM Tomas Mozes <hydrapolic@gmail.com> wrote:

>
>
> On Wednesday, August 12, 2020, Alec Warner <antarus@gentoo.org> wrote:
> > Bugzilla now has connection limits per IP. I won't say what the limit
> is, but if you are crawling bugzilla or using automated tools from a single
> source IP you may hit the limit and receive 503's for requests over the
> limit.
> > This may be a particular problem for users behind things like carrier
> grade NAT (where many users are multiplexed through a single egress IP.)
> However we have seen numerous slowdowns from bot traffic and this is a
> relatively straightforward change to make on our end. If you believe you
> are being unfairly limited / blocked, please reach out to infra@gentoo.org
> .
> > Thanks,
> > -A
>
> Wouldn't 429 be more appropriate?
>

The limiter doesn't support this, sorry.

-A


>
> Tomas

[-- Attachment #2: Type: text/html, Size: 1473 bytes --]

Re: [gentoo-project] [Bugzilla] IP-based limits

[Raymond Jennings]

[-- Attachment #1: Type: text/plain, Size: 1093 bytes --]

On Wed, Aug 12, 2020 at 11:40 AM Alec Warner <antarus@gentoo.org> wrote:

> On Wed, Aug 12, 2020 at 11:24 AM Tomas Mozes <hydrapolic@gmail.com> wrote:
>
>> On Wednesday, August 12, 2020, Alec Warner <antarus@gentoo.org> wrote:
>> > Bugzilla now has connection limits per IP. I won't say what the limit
>> is, but if you are crawling bugzilla or using automated tools from a single
>> source IP you may hit the limit and receive 503's for requests over the
>> limit.
>> > This may be a particular problem for users behind things like carrier
>> grade NAT (where many users are multiplexed through a single egress IP.)
>> However we have seen numerous slowdowns from bot traffic and this is a
>> relatively straightforward change to make on our end. If you believe you
>> are being unfairly limited / blocked, please reach out to
>> infra@gentoo.org.
>> > Thanks,
>> > -A
>>
>> Wouldn't 429 be more appropriate?
>>
>
> The limiter doesn't support this, sorry.
>

For the curious, who wrote the limiter?  Is it an upstream feature provided
by the bugzilla maintainers?


> -A
>
>
>>
>> Tomas
>
>

[-- Attachment #2: Type: text/html, Size: 2109 bytes --]

Re: [gentoo-project] [Bugzilla] IP-based limits

[Alec Warner]

[-- Attachment #1: Type: text/plain, Size: 1458 bytes --]

On Wed, Aug 12, 2020 at 11:43 AM Raymond Jennings <shentino@gmail.com>
wrote:

> On Wed, Aug 12, 2020 at 11:40 AM Alec Warner <antarus@gentoo.org> wrote:
>
>> On Wed, Aug 12, 2020 at 11:24 AM Tomas Mozes <hydrapolic@gmail.com>
>> wrote:
>>
>>> On Wednesday, August 12, 2020, Alec Warner <antarus@gentoo.org> wrote:
>>> > Bugzilla now has connection limits per IP. I won't say what the limit
>>> is, but if you are crawling bugzilla or using automated tools from a single
>>> source IP you may hit the limit and receive 503's for requests over the
>>> limit.
>>> > This may be a particular problem for users behind things like carrier
>>> grade NAT (where many users are multiplexed through a single egress IP.)
>>> However we have seen numerous slowdowns from bot traffic and this is a
>>> relatively straightforward change to make on our end. If you believe you
>>> are being unfairly limited / blocked, please reach out to
>>> infra@gentoo.org.
>>> > Thanks,
>>> > -A
>>>
>>> Wouldn't 429 be more appropriate?
>>>
>>
>> The limiter doesn't support this, sorry.
>>
>
> For the curious, who wrote the limiter?  Is it an upstream feature
> provided by the bugzilla maintainers?
>

It's the apache max IP limiter.

The thread was intended to inform people that bugzilla has limits now; it's
not intended to solicit advice on how to build the best possible limiter;
I'm aware this one is hokey but I'm happy with it ;)

-A


>
>
>> -A
>>
>>
>>>
>>> Tomas
>>
>>

[-- Attachment #2: Type: text/html, Size: 3048 bytes --]

Re: [gentoo-project] [Bugzilla] IP-based limits

[Tomas Mozes]

[-- Attachment #1: Type: text/plain, Size: 1107 bytes --]

On Wed, Aug 12, 2020 at 8:39 PM Alec Warner <antarus@gentoo.org> wrote:

> On Wed, Aug 12, 2020 at 11:24 AM Tomas Mozes <hydrapolic@gmail.com> wrote:
>
>>
>>
>> On Wednesday, August 12, 2020, Alec Warner <antarus@gentoo.org> wrote:
>> > Bugzilla now has connection limits per IP. I won't say what the limit
>> is, but if you are crawling bugzilla or using automated tools from a single
>> source IP you may hit the limit and receive 503's for requests over the
>> limit.
>> > This may be a particular problem for users behind things like carrier
>> grade NAT (where many users are multiplexed through a single egress IP.)
>> However we have seen numerous slowdowns from bot traffic and this is a
>> relatively straightforward change to make on our end. If you believe you
>> are being unfairly limited / blocked, please reach out to
>> infra@gentoo.org.
>> > Thanks,
>> > -A
>>
>> Wouldn't 429 be more appropriate?
>>
>
> The limiter doesn't support this, sorry.
>
> -A
>
>
>>
>> Tomas
>
>

It also seems that bgo loads much faster. Have any changes been done in
this direction too? Anyways, thanks!

Tomas

[-- Attachment #2: Type: text/html, Size: 2049 bytes --]

Re: [gentoo-project] [Bugzilla] IP-based limits

[Alec Warner]

[-- Attachment #1: Type: text/plain, Size: 1437 bytes --]

On Thu, Aug 13, 2020 at 9:56 PM Tomas Mozes <hydrapolic@gmail.com> wrote:

>
>
> On Wed, Aug 12, 2020 at 8:39 PM Alec Warner <antarus@gentoo.org> wrote:
>
>> On Wed, Aug 12, 2020 at 11:24 AM Tomas Mozes <hydrapolic@gmail.com>
>> wrote:
>>
>>>
>>>
>>> On Wednesday, August 12, 2020, Alec Warner <antarus@gentoo.org> wrote:
>>> > Bugzilla now has connection limits per IP. I won't say what the limit
>>> is, but if you are crawling bugzilla or using automated tools from a single
>>> source IP you may hit the limit and receive 503's for requests over the
>>> limit.
>>> > This may be a particular problem for users behind things like carrier
>>> grade NAT (where many users are multiplexed through a single egress IP.)
>>> However we have seen numerous slowdowns from bot traffic and this is a
>>> relatively straightforward change to make on our end. If you believe you
>>> are being unfairly limited / blocked, please reach out to
>>> infra@gentoo.org.
>>> > Thanks,
>>> > -A
>>>
>>> Wouldn't 429 be more appropriate?
>>>
>>
>> The limiter doesn't support this, sorry.
>>
>> -A
>>
>>
>>>
>>> Tomas
>>
>>
>
> It also seems that bgo loads much faster. Have any changes been done in
> this direction too? Anyways, thanks!
>

We migrated from fcgi to mod-perl. In general this has resulted in server
time reduction from 1500ms to 500ms. There are other changes afoot so I
don't want to sell these optimizations too much.

-A



>
> Tomas
>

[-- Attachment #2: Type: text/html, Size: 2865 bytes --]