[Bug]: API requests can take down whole site #2607

kimadactyl · 2024-09-09T11:01:38Z

Description

I was messing around with the TransDim repo and noticed that the PlaceCal.org main site was down due to our AppSignal monitoring. On further investigation the requests being sent by TransDim locally effectivly denial-of-service'd the whole PlaceCal site. I'm not 100% on cause here but it looks like a very likely suspect.

It should not be this easy to take down the whole PlaceCal site and this needs mitigating somehow.

Steps to reproduce

Load up TransDim repo
Set PLACECAL_API=https://placecal.org/api/v1/graphql in .env
Muck about a bit
Note downtime from PlaceCal.org

What you expected to happen

What would you like to happen instead?

Platform (if relevant)

What device and browser were you using?

Possible fixes

Add simple authentication or domain whitelist to the API endpoint #1069

The text was updated successfully, but these errors were encountered:

kimadactyl · 2024-09-09T11:11:58Z

@katjam - unsure best way to address this? API authentication and/or some kind of rate limiting?

kimadactyl added the bug Release Drafter category - bug impacting the normal functioning of existing features label Sep 9, 2024

kimadactyl added this to the Maintance mode showstopping issues milestone Sep 9, 2024

kimadactyl added the vvv Very Very Valuable label Sep 9, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug]: API requests can take down whole site #2607

[Bug]: API requests can take down whole site #2607

kimadactyl commented Sep 9, 2024 •

edited

Loading

kimadactyl commented Sep 9, 2024

[Bug]: API requests can take down whole site #2607

[Bug]: API requests can take down whole site #2607

Comments

kimadactyl commented Sep 9, 2024 • edited Loading

Description

Steps to reproduce

What you expected to happen

Platform (if relevant)

Possible fixes

kimadactyl commented Sep 9, 2024

kimadactyl commented Sep 9, 2024 •

edited

Loading