Yes. Billing is enabled. (Must be to use BlobStore). I agree, 30x30 isn't much. But does your dads school use a range of IP-addresses, or just one single address?
On Jan 28, 10:29 am, "Brandon Wirtz" <[email protected]> wrote: > Interesting. I haven't seen this behavior I have an app that gets something > like 2500 requests every morning when the computer labs at my dad's school > turn on (all within 15 minutes of each other). > > Is your billing enabled? > > 30x30 over half an hour isn't really a "massive" onslaught. > > From: [email protected] > [mailto:[email protected]] On Behalf Of Terje Dahl > Sent: Friday, January 28, 2011 12:30 AM > To: [email protected] > Subject: [google-appengine] DoS blocking vs multiple users on single IP > > We provide a commercial web application to schools (in Norway). > > Schools typically have 20-30 kids pr class - all using web application at > the same time - under the direction of a teacher. > > And all behind single IP address. > > So now you have 20-30 kids pr class, each generating 20-30 request to our > service within maybe 30 minutes, all through the same exterior IP. > > All the GAE sees is a sudden massive onslaught on a site from a singe IP, > and so it blocks that IP - with an appropriate message (but missing the > capcha). > > This happened for the first time yesterday morning: > > I travelled 2000 km to visit a school and train teacher and pupils. The > first class went fine 08:30 (UTC+1). But when the second class started up > (at 09:15) they were almost immediately blocked. And so we waited. We > tried another an hour later. No go! But two hours after that another group > was successful. > > Our business is schools. Schools will all typically follow this pattern. > We can't have our system cut of unpredictably like this. > > Maintaining some sort of white-list (shools IPs) is also not a viable > option. > > Can we at least adjust the limit for blocking? > > Or better yet, how about some kind of API? > > (A variying code the client can put in the header which will authenticate it > for a number of request ...) > > Or, deacitvate automatic blocking, operate with blacklist only, and risk the > higher costs of possible attacks? > > This is critical for us! > > (Our application is "spraklab35".) > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group > athttp://groups.google.com/group/google-appengine?hl=en. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
