discuss - Re: [opennic-discuss] Excessive calls to the geoip API page

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Jeff Taylor <shdwdrgn AT sourpuss.net>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] Excessive calls to the geoip API page
  • Date: Wed, 04 Oct 2017 15:15:45 -0600
  • Authentication-results: mx1.computerrehab.us; dmarc=none header.from=sourpuss.net
  • Dmarc-filter: OpenDMARC Filter v1.3.0 mx1.computerrehab.us 65D6D2D6AA

As in caching?  Yes the server already caches content, but since every user gets a different reply due to being in different locations, you can't just blindly cache the answer to the URL.  As I mentioned, I wrote my own caching code this morning that greatly reduces the work needed for these high-frequency queries.  Since I added the warning message, almost all of the abnormal queries (the ones coming in every 5 seconds) have disappeared which has reduced the overall volume of traffic to 1/4 of what it was.  Of the remaining queries, about 95% are still coming frequently enough to hit the cache so there is very little load on the server now.


On 10/04/2017 02:09 PM, Alex Nordlund wrote:
Have you considered putting Varnish in front of it?

Best regards 
Alex

On 4 Oct 2017, at 20:12, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:

You may have noticed some issues reaching either the API or servers page recently.  I've tracked down the problem to some extremely excessive calls to the geoip page (https://api.opennicproject.org/geoip/).

If you are the owner of 208.82.39.26... your script is doing lookups four times per second.  Just how often do you think the list of servers changes?  I blocked this IP completely for now, please fix your script and let me know if you want access again.

Of course this one user wasn't enough to bring the server to its knees, this problem was because of yet another script that seems to be getting shared around the globe.  There are two aspects of the query that lead me to believe there is a common script running here:
"GET /geoip/?bare&pct=95 HTTP/1.1"
"Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko"

I'm seeing well over 2000 unique IP addresses making the same query up to once every five seconds.  That translated to about 200 queries per second.  Now the geoip page is rather expensive in terms of resources, because it has to look up the user's IP and try to match it geographically to the list of Tier-2 servers.  I wrote up some code this morning to cache the queries by IP address for 5 minutes before re-checking.  Now this made a huge difference but still wasn't enough.  I may have another bottleneck in my network that was causing problems even with the cached content so I'll be looking into that.

In the meantime I've added a level of blocking for any server making queries faster than every 15 seconds.  This will return a message warning the requester that server information doesn't change that fast, and doesn't give the expected reply.  I'm hoping whoever set up this script will see broken results and get it fixed.  At the moment this 15-second warning message is accounting for about 25% of all the queries.  I'll keep working on it, but just wanted to let folks know WHY in case anyone happens to see the warning message.


--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
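
The per-IP caching and 15-second throttling described in the message above, sketched as an added Python example (not the OpenNIC API's own code, which the post does not show). The class name, the 429 status, the warning wording and the sample address 192.0.2.10 are assumptions; only the 5-minute and 15-second figures come from the post.

```python
import time

CACHE_TTL = 300     # seconds a per-IP answer is reused (5 minutes, per the post)
MIN_INTERVAL = 15   # repeat queries faster than this get the warning (per the post)
WARNING = "Server information does not change this fast; slow down."  # constructed wording


class GeoipFrontend:
    """Per-client throttle and cache in front of an expensive geoip lookup."""

    def __init__(self, lookup, clock=time.monotonic):
        self.lookup = lookup      # expensive function: ip -> answer
        self.clock = clock        # injectable so the logic can be tested offline
        self.last_seen = {}       # ip -> time of that client's previous request
        self.cache = {}           # ip -> (expiry time, answer)
        self.lookups = 0          # how many times the expensive path ran

    def handle(self, ip):
        now = self.clock()
        prev = self.last_seen.get(ip)
        self.last_seen[ip] = now  # throttled hits count too, so a fast poller stays throttled
        if prev is not None and now - prev < MIN_INTERVAL:
            return 429, WARNING   # status code is an assumption; the post only says "a message"
        hit = self.cache.get(ip)
        if hit and hit[0] > now:
            return 200, hit[1]    # cached answer keyed by client IP, not by URL
        answer = self.lookup(ip)
        self.lookups += 1
        self.cache[ip] = (now + CACHE_TTL, answer)
        return 200, answer

    def purge(self):
        """Drop state for idle clients so thousands of source IPs cannot grow memory forever."""
        now = self.clock()
        self.cache = {ip: e for ip, e in self.cache.items() if e[0] > now}
        self.last_seen = {ip: t for ip, t in self.last_seen.items() if now - t < MIN_INTERVAL}


def simulate(interval, duration, ip="192.0.2.10"):
    """Replay one constructed client polling every `interval` seconds; return outcome counts."""
    t = [0.0]
    fe = GeoipFrontend(lambda addr: "servers-for-" + addr, clock=lambda: t[0])
    counts = {"served": 0, "warned": 0}
    while t[0] < duration:
        status, _ = fe.handle(ip)
        counts["served" if status == 200 else "warned"] += 1
        t[0] += interval
    counts["lookups"] = fe.lookups
    return counts
```

Over ten simulated minutes, a client polling every 5 seconds is served once and warned on every later request, while a client polling once a minute is always served and triggers only two real lookups.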