BTW, I updated the wiki with what I understand about the quick throttle
condition with CFThrottle. Alan, Vince or anybody else that understands
exactly what is going on, please check out the change I made.
Peter J. Farrell said the following on 11/12/2009 09:19 PM:
> I looked at the Java code and I think I see why this is occurring.
> There is an additional attribute for cfthrottle called "minHitTime"
> which defaults to 500 (ms).
>
> In cfthrottle there is a shortcut in the condition aptly named quick
> throttled. It appears that if the lastHit occurs too soon you are quick
> throttled. It looks like this:
>
> if (age <= hitTimePeriod AND currentClientHitCount >= hitThreshold) {
> throttled
> } else if (lastHitDiffInMs > 10 AND lastHitDiffInMs < hitMinTime) {
> quick throttled because it's too fast of an access
> quick throttles count against the total throttles
> } else {
> not throttled
> }
>
> So I bet you're seeing this behavior because the client accesses between
> access #1 and access #2 are too quick. I'm thinking it would be nice if
> you could see what type of throttle was triggered:
>
> cfthrottle.type = "normal"
> cfthrottle.type = "quick"
>
> Because you might want to not fail on quick throttles so easily.
>
> HTH,
> .Peter
>
> ziggy said the following on 11/08/2009 03:47 AM:
>
>> I'm trying to get this tag to work but the results are very odd.
>>
>> <cfthrottle token="#cgi.REMOTE_ADDR#" hitthreshold="20"
>> hittimeperiod="10000">
>> <cfif CFTHROTTLE.throttle>
>> <cfheader statuscode="503" statustext="Too many attempts">
>> <cfheader name="Retry-After" value="180">
>> <cfparam name="CGI.HTTP_REFERER" default="">
>> <cfmail to="----------------"
>> from="------------------"
>> subject="20 Retries in 10 seconds by #cgi.REMOTE_ADDR#"
>> type="HTML">
>> <p>Who: #cgi.HTTP_USER_AGENT#</p>
>> <p>From: /#cgi.REMOTE_ADDR#</p>
>> <cfdump var="#cfthrottle#">
>> </cfmail>
>> <h1>Too many attempts.</h1>
>> <cfexit method="request">
>> </cfif>
>>
>> I don't see any emails when it kicks in where it has 20 hits. All are
>> lower like:
>>
>> struct
>> AGE 1399
>> HITCOUNT 2
>> LASTHIT 150
>> THROTTLE YES
>> TOTALHITS 6
>>
>> Why is this invoking the throttle??? Shouldn't HITCOUNT have to be 20
>> every time? This guy doesn't even have TOTALHITS of 20 yet, though
>> others have more.
>>
>> (I also had a different one on our admin login page with a lower
>> hitcount and sometimes it would block me after 1 hit only!)
>>
>> It also doesn't seem to do much anyway. I opened 20 tabs quickly and
>> then some were blocked but then the next ones weren't, so what good is
>> it? How is it actually throttling someone? Abusers won't care about
>> retry-after. Why isn't there a blockperiod attribute? Or how should I
>> do that?
>>
>> Finally, what is the bizarre Age date format? Docs say "AGE - the date
>> since the first hit" The Middle Ages, 1399, was a while ago ;-)
>> Seconds?
>>
>> Any practical "full" advice on using this to block people downloading
>> the whole site, or abusive spiders?
>>
>> Thanks.
--~--~---------~--~----~------------~-------~--~----~
Open BlueDragon Public Mailing List
http://groups.google.com/group/openbd?hl=en
official site @ http://www.openbluedragon.org/
!! save a network - trim replies before posting !!
-~----------~----~----~----~------~----~------~--~---
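The three-way condition quoted in the reply, modelled in Java with the throttle type exposed and a block period applied only to normal throttles, so the values from the dump in the thread (AGE 1399, HITCOUNT 2, LASTHIT 150) fall in the quick branch and are still served. This is an added example, not OpenBD source: `ThrottleModel`, `refuse`, `blockPeriod`, the per-token state and the window reset are hypothetical, AGE and LASTHIT are assumed to be milliseconds, and the token is a constructed documentation address.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: a model of the decision described in the thread, not OpenBD code.
public class ThrottleModel {
    enum Type { NONE, NORMAL, QUICK }

    // Per-token state (assumed layout); lastHit = -1 means the token has not been seen yet.
    static final class State { long firstHit, lastHit = -1, blockedUntil; int hitCount; }

    final int hitThreshold;
    final long hitTimePeriod, minHitTime, blockPeriod;
    final Map<String, State> clients = new HashMap<>();

    ThrottleModel(int hitThreshold, long hitTimePeriod, long minHitTime, long blockPeriod) {
        this.hitThreshold = hitThreshold; this.hitTimePeriod = hitTimePeriod;
        this.minHitTime = minHitTime; this.blockPeriod = blockPeriod;
    }

    // The condition as quoted in the reply, returning which branch fired.
    static Type classify(long age, int hitCount, long lastHitDiffInMs,
                         int hitThreshold, long hitTimePeriod, long minHitTime) {
        if (age <= hitTimePeriod && hitCount >= hitThreshold) return Type.NORMAL;
        if (lastHitDiffInMs > 10 && lastHitDiffInMs < minHitTime) return Type.QUICK;
        return Type.NONE;
    }

    // True when the request should be refused. Only a NORMAL throttle starts a block.
    boolean refuse(String token, long now) {
        State s = clients.computeIfAbsent(token, k -> new State());
        if (now < s.blockedUntil) return true;            // still inside the block period
        long diff = s.lastHit < 0 ? Long.MAX_VALUE : now - s.lastHit;
        if (s.hitCount == 0 || now - s.firstHit > hitTimePeriod) { s.firstHit = now; s.hitCount = 0; }
        s.hitCount++; s.lastHit = now;
        Type t = classify(now - s.firstHit, s.hitCount, diff,
                          hitThreshold, hitTimePeriod, minHitTime);
        if (t == Type.NORMAL) { s.blockedUntil = now + blockPeriod; return true; }
        return false;                                      // QUICK and NONE are served
    }

    public static void main(String[] args) {
        // Dump values from the thread with hitthreshold=20, hittimeperiod=10000, minHitTime=500.
        System.out.println("dump classifies as " + classify(1399, 2, 150, 20, 10000, 500));
        ThrottleModel m = new ThrottleModel(20, 10000, 500, 180000);
        int refused = 0;                                   // 25 hits, 100 ms apart
        for (int i = 0; i < 25; i++) if (m.refuse("203.0.113.7", 1000 + i * 100L)) refused++;
        System.out.println("refused " + refused + " of 25; still blocked at 60 s: "
                + m.refuse("203.0.113.7", 60000));
    }
}
```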