We provide a commercial web application to schools (in Norway). Schools typically have 20-30 kids pr class - all using web application at the same time - under the direction of a teacher. And all behind single IP address.
So now you have 20-30 kids pr class, each generating 20-30 request to our service within maybe 30 minutes, all through the same exterior IP. All the GAE sees is a sudden massive onslaught on a site from a singe IP, and so it blocks that IP - with an appropriate message (but missing the capcha). This happened for the first time yesterday morning: I travelled 2000 km to visit a school and train teacher and pupils. The first class went fine 08:30 (UTC+1). But when the second class started up (at 09:15) they were almost immediately blocked. And so we waited. We tried another an hour later. No go! But two hours after that another group was successful. Our business is schools. Schools will all typically follow this pattern. We can't have our system cut of unpredictably like this. Maintaining some sort of white-list (shools IPs) is also not a viable option. Can we at least adjust the limit for blocking? Or better yet, how about some kind of API? (A variying code the client can put in the header which will authenticate it for a number of request ...) Or, deacitvate automatic blocking, operate with blacklist only, and risk the higher costs of possible attacks? This is critical for us! (Our application is "spraklab35".) -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
