I looked at the Java code and I think I see why this is occurring.  
There is an additional attribute for cfthrottle called "minHitTime" 
which defaults to 500 (ms).

In cfthrottle there is a shortcut in the condition, aptly named quick 
throttled.  It appears that if the lastHit occurs too soon you are quick 
throttled. It looks like this:

if (age <= hitTimePeriod AND currentClientHitCount >= hitThreshold) {
    throttled
} else if (lastHitDiffInMs > 10 AND lastHitDiffInMs < hitMinTime) {
    quick throttled because it's too fast of an access
    quick throttles count against the total throttles
} else {
    not throttled
}

So I bet you're seeing this behavior because the client accesses between 
access #1 and access #2 are too quick.  I'm thinking it would be nice if 
you could see what type of throttle was triggered:

cfthrottle.type = "normal"
cfthrottle.type = "quick"

Because you might want to not fail on quick throttles so easily.

HTH,
.Peter

ziggy said the following on 11/08/2009 03:47 AM:
> I'm trying to get this tag to work but the results are very odd.
>
> <cfthrottle token="#cgi.REMOTE_ADDR#" hitthreshold="20"
> hittimeperiod="10000">
> <cfif CFTHROTTLE.throttle>
>       <cfheader statuscode="503" statustext="Too many attempts">
>       <cfheader name="Retry-After" value="180">
>       <cfparam name="CGI.HTTP_REFERER" default="">
>     <cfmail to="----------------"
>               from="------------------"
>               subject="20 Retries in 10 seconds by #cgi.REMOTE_ADDR#" 
> type="HTML">
> <p>Who:       #cgi.HTTP_USER_AGENT#</p>
> <p>From:      /#cgi.REMOTE_ADDR#</p>
> <cfdump var="#cfthrottle#">
>       </cfmail>
>       <h1>Too many attempts.</h1>
>       <cfexit method="request">
> </cfif>
>
> I don't see any emails when it kicks in where it has 20 hits. All are
> lower like:
>
> struct
> AGE 1399
> HITCOUNT 2
> LASTHIT 150
> THROTTLE YES
> TOTALHITS 6
>
> Why is this invoking the throttle??? Shouldn't HITCOUNT have to be 20
> every time? This guy doesn't even have TOTALHITS of 20 yet, though
> others have more.
>
> (I also had a different one on our admin login page with a lower
> hitcount and sometimes it would block me after 1 hit only!)
>
> It also doesn't seem to do much anyway. I opened 20 tabs quickly and
> then some were blocked but then the next ones weren't, so what good is
> it? How is it actually throttling someone? Abusers won't care about
> retry-after. Why isn't there a blockperiod attribute? Or how should I
> do that?
>
> Finally, what is the bizarre Age date format? Docs say "AGE - the date
> since the first hit" The Middle Ages, 1399, was a while ago ;-)
> Seconds?
>
> Any practical "full" advice on using this to block people downloading
> the whole site, or abusive spiders?
>
> Thanks.


--~--~---------~--~----~------------~-------~--~----~
Open BlueDragon Public Mailing List
 http://groups.google.com/group/openbd?hl=en
 official site @ http://www.openbluedragon.org/

!! save a network - trim replies before posting !!
-~----------~----~----~----~------~----~------~--~---
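
The branch order described in the reply, modelled in Python as an added example (not OpenBD's Java source and not code from the thread), run against the values in the quoted dump. It assumes AGE and LASTHIT are milliseconds and that LASTHIT is the gap since the previous hit; the "normal"/"quick" return values mirror the cfthrottle.type idea, which the reply only proposes.

```python
"""Model of the cfthrottle decision order sketched in the reply (not OpenBD source)."""
from dataclasses import dataclass


@dataclass
class ClientState:
    age_ms: int       # AGE from the dump: time since first hit (assumed to be ms)
    hit_count: int    # HITCOUNT: hits counted in the current window
    last_hit_ms: int  # LASTHIT: gap since the previous hit (assumed to be ms)


def classify(state, hit_threshold=20, hit_time_period=10000, min_hit_time=500):
    """Return "normal", "quick" or None, using the branch order from the email."""
    if state.age_ms <= hit_time_period and state.hit_count >= hit_threshold:
        return "normal"
    if 10 < state.last_hit_ms < min_hit_time:
        return "quick"
    return None


def should_block(state, block_on_quick=False, **limits):
    """Policy layer: reject on "normal" always, on "quick" only if asked to."""
    kind = classify(state, **limits)
    return kind == "normal" or (kind == "quick" and block_on_quick)


# Values copied from the dump in the quoted question.
REPORTED = ClientState(age_ms=1399, hit_count=2, last_hit_ms=150)

# Constructed states for comparison.
CONSTRUCTED = {
    "20 hits inside 10 s": ClientState(5000, 20, 150),
    "slow second hit": ClientState(1399, 2, 600),
    "gap of 10 ms or less": ClientState(1399, 2, 5),
}

if __name__ == "__main__":
    print("reported dump ->", classify(REPORTED))
    for label, state in CONSTRUCTED.items():
        print(label, "->", classify(state))
    print("block reported dump, quick ignored:", should_block(REPORTED))
```
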
