Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.10.3 Latest
Buy Hosting
  1. Home
  2. NodeBB Development
  3. Flooding and rate limiting socket connections?

Flooding and rate limiting socket connections?

Scheduled Pinned Locked Moved NodeBB Development
3 Posts 3 Posters 789 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • asamolionA Offline
    asamolionA Offline
    asamolion Gamers
    wrote on last edited by
    #1

    I've seen that there is a file called ratelimit.js in which NodeBB limits the number of connections that can be simultaneously connected to the app. When this limit is crossed, it disconnects users from the socket connections.

    var allowedCalls = 100;
var timeframe = 10000;

    if (socket.callsPerSecond > allowedCalls && socket.elapsedTime < timeframe) {
    winston.warn('Flooding detected! Calls : ' + socket.callsPerSecond + ', Duration : ' + socket.elapsedTime);
    return true;
}

    Why is this necessary? Is it not possible to connect as many users as our server can handle and scale using load balancers etc?.

    Why is this setting hard coded into the application?

    P.S. I'm using NodeBB v1.5.3.

    1 Reply Last reply
    0
    • PitaJP Offline
      PitaJP Offline
      PitaJ Global Moderator Plugin & Theme Dev
      wrote on last edited by
      #2

      1.5.3? Why? That's very old at this point.

      Socket connections can be used to DDOS, which I assume is why that exists. Maybe it should be a configurable value.

      1 Reply Last reply
      0
      • barisB Offline
        barisB Offline
        <baris> NodeBB
        wrote on last edited by
        #3

        That check is applied on a per user basis, it is there to prevent a single user from making thousands of calls, it doesn't limit concurrent users.

        1 Reply Last reply
        0

        Copyright © 2024 NodeBB | Contributors
        • Login
        • Don't have an account? Register
        • Login or register to search.
        Powered by NodeBB Contributors
        • First post
          Last post
        0
        • Home
        • Categories
        • Recent
        • Popular
        • World
        • Top
        • Tags
        • Users
        • Groups
        • Documentation
          • Home
          • Read API
          • Write API
          • Plugin Development