429 too many emoji requests 😥

Fredo · 2017-12-21 14:04:56 UTC

After opening the emoji selector in the post editor, discourse throws users out once they load a page again (like after submitting a post).

429 Too Many Requests

Your IP address has made too many requests to this service over a short amount of time. Please wait a few minutes and try again.

If you are behind a proxy or coming from a large company, you and many other users may appear to be the same person. Please let us know of recurring problems by email: team@discourse.org

It seems it was not the user trying to DDOS discourse, but discourse itself. If there is a way, maybe distinct requests to resources (like emojis) should not be considered? Or all emojis should be combined into a sprite?

sam · 2017-12-22 01:42:30 UTC

Very little point in that cause we have HTTP/2

Can you clarify, is this happening on meta.discourse.org or on some other site we are hosting?

If it’s on meta then yes we got to add a bypass to our special rate limiting here for emojis, discourse_docker/web.ratelimited.template.yml at master · discourse/discourse_docker · GitHub is too indescriminent.

One plan we have is to shift to a global rate limit in the APP so this would be totally sidestepped and then the NGINX rate limit can be way higher.

codinghorror · 2017-12-22 01:43:01 UTC

You will need to clarify this part first @Fredo.

Fredo · 2017-12-27 15:20:45 UTC

It’s hosted by discourse (https://forums.sketchup.com/). But you have to scroll quickly through all the emojis to reproduce it.

zogstrip · 2017-12-27 15:29:43 UTC

FTR I was able to reproduce it on https://forums.sketchup.com by scrolling through the emojis.

sam · 2017-12-27 22:09:39 UTC

I am leaving this assigned to me for now, we do plan to improve this in 2 ways

whitelist emoji requests from the CDN so they do not participate in the rate limiting
centralize emoji storage across all our sites so there is only one CDN for emojis.