• Home
  • Get help
  • Ask a question
Last post 8 hours 8 min ago
Posts last week 141
Average response time last week 4 hours 42 min
All time posts 67772
All time tickets 10472
All time avg. posts per day 21
Collected over 9 years 0 months 16 days and updated each hour automatically. Last updated 2024-04-23 15:18 UTC

Helpdesk is open from Monday through Friday CET

Please create an (free) account to post any question in the support area.
Please check the development versions area. Look at the changelog, maybe your specific problem has been resolved already!
All tickets are private and they cannot be viewed by anyone. We have made public only a few tickets that we found helpful, after removing private information from them.

#7057 – Follow up on #7055 (Anti Flood)

Posted in ‘sh404SEF’
This is a public ticket. Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Wednesday, 08 April 2020 11:17 UTC
TheSDHotel
 One more question came to mind:

Does the Anti Flood only accounts for PHP requests or also assets requests?

So for example:

If a page contains javascript, css files, etc. do they all count as separate requests in the number of requests counted by sh404sef? Or not?

Other question:

What would be your reccomended setting for Flooding Time Control and Max. Numbers of Requests?

Best,
Andy
Edited by TheSDHotel on Wednesday, 08 April 2020 11:17 UTC
Wednesday, 08 April 2020 11:32 UTC
wb_weeblr
Hi

It only accounts for requests made to Joomla. Joomla does not know about requests made to assets and so nothing from inside Joomla can control access to assets.

The default is 10 requests in 10 seconds. It's hard to provide guidance on this as it's so specific to each site. You would not expect any individual IP to request more than one or 2 requests to Joomla per second, that would already be rapid clicking around.

However, many pages will have ajax requests fired after the initial page has rendered and this can easily result in 5 or 10 requests made to the site by the same IP. You'll have to experiment a bit - and also consider whether it's worth doing this if you already protect the site with cloudflare?

On this site for instance, there's a lot of caching: the page HTML is mostly coming from the browser cache and the "variable" parts are fetched with ajax. For instance the top-right corner "user" button. The menu opened when you click the "User" button is also loaded with ajax as it's not the same if your logged in vs a guest, etc
This easily result in 5 or more requests in one second. In our case, I'm using nginx anti-flood features to protect the site. It's much more efficient than doing it in PHP and of course it can control assets as well.

Best regards

Yannick Gaultier
weeblr.com
@weeblr
 
Wednesday, 08 April 2020 11:49 UTC
TheSDHotel
Thanks a lot again for the explanation :)

Best,
Andy
Wednesday, 08 April 2020 12:01 UTC
wb_weeblr
Hi Andy,

You're welcome! Closing this ticket now, feel free to open a new one as needed. If you do so, please mention this ticket number in the new one.

Best regards

Yannick Gaultier
weeblr.com
@weeblr
 
This ticket is closed, therefore read-only. You can no longer reply to it. If you need to provide more information, please open a new ticket and mention this ticket's number.