Limit requests in a particular time from the same IP

forsberg

7/18/24, 7:38 AM

I found that there is a bug in a library of an app that sends requests to my server. It sends sporadically twice the same requests instead of one in the same time. It makes the app working incorrectly.

Can I deny more than 1 request to the server in an interval of about 1-1,5 second? If so, how can I do that? If not, what could be a work-around for not accepting more than 1 request at the same time?

The only idea that comes up to my mind is to save (log) all requests with their IP address into the DB that come to the server, read the latest record saved in the log for the particular IP, and disallow the further code running on the level of PHP (server application) if it was sent in the interval of 1-1,5 s.? Any other options?

0 + 6

php

apache-2.4

Esa Jokinen

7/18/24, 7:57 AM

Fix the library. The suggested solution will probably break something else. It is normal in HTTP that a client sends multiple requests in a short time. Press F12 on your browser and observe the Network tab for a while.

Esa Jokinen

7/18/24, 7:58 AM

But if you wish to take that approach in PHP, you don't have to log every request in the database. A simple table with `ip` & `last_seen` timestamp should do it.

Esa Jokinen

7/18/24, 8:00 AM

This might also be helpful, if you use ModSecurity: https://stackoverflow.com/a/20356408

HBruijn

7/18/24, 8:02 AM

My gut reaction is that the best place to make that fix is of course to address the root cause and update that library. A more generic approach is to update your app and serverside code to work with some form of request (transaction) identifier that allows you to identify and subsequently ignore duplicate transactions. - Rate limiting in apache is possible, but that approach is typically intended to prevent abuse and a really low treshhold might make your server also unusable for regular use

forsberg

7/18/24, 8:06 AM

Thanks for suggestions. Fixing the external library, which is not directly related to my server code, is out of my possibilities. It is C# mobile Xamarin nuget library (called Refit), but I found that more people in Xamarin development have the same issues. I already log most of requests, including their ip and datetime of the request in mysql, so this is what comes to my mind.

forsberg

7/18/24, 8:19 AM

"It is normal in HTTP that a client sends multiple requests in a short time" - not in this case. One click in the mobile app sometimes sends 2 same requests. But normally it sends one. It's an obvious issue with the mobile app's networking library. It's not a matter of sending actually multiple requests, but the fact that the same request is sometimes sent twice, not a single time.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Limit requests in a particular time from the same IP

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.