Request block, This is to stop flooding of our server.

[Aesir]

Hi, I wanted to list a couple of ways I use the site here at WoWI, and point out where I am seeing the entitled notification message, "Request block, This is to stop flooding of our server."

The aim of this feedback is two-fold:
1) It provides a way for site admins to see what/where they may tweak how the site handles requests, while still accomplishing the stated objective of blocking floods, and
2) Responses to this feedback might point out ways for me to utilize the site more effectively, accomplishing what I want as a site user - but without seeing the notification message or otherwise screwing things up.

How I use the site:
I manually update my addons through various sources, though I personally would prefer just having one source. Auto-updating hasn't been reliable for me, for any of the client downloader/updaters available, since forever. But that's okay because I just manually update files, as desired.

This process includes downloading addons from WoWI, wherever WoWI appears to be hosting the most current or up-to-date source for revisions. I also will use the addon portal page forums to provide direct author feedback or ask questions about a given addon.

Thirdly, I intend to use the site as source of info about addon creation and (in particular) UI modification. The reason for this is that I intend to release an addon that is going to rock everyone's world. Seriously, this addon is going to cause about 200 frame xml errors each time it loads, because that's exactly what the first version is likely to do (since I don't actually know how to create addons from start to finish yet...). Kidding aside...

Within the context of how I utilize WoWI, I observe the following:
Firefox: Open All In Tabs
Using Firefox's bookmarks toolbar, I add URL bookmarks linking to individual addons hosted here and at other locations. These links are URLs to the addon portal page, not to any file download location. I then use Firefox's "Open all in tabs" option to load up the discrete pages in separate tabs.

A recent change to the site (or, perhaps, a recent change *somewhere*) doesn't seem to allow this functionality. I will receive the entitled notice after the 1st tab opens to the addon portal page. In other words, I can't request a 2nd page to this site within about a 4 or 5 seconds period.

WoWI Favorites
Another way to store/maintain links to the addons homed at WoWI is to use the site's own "Favorites" option. I have used this, and am currently in process of updating my own "Favorites" to reflect changes seen with WoW 3.x. Seeing the issue with the above, "Open all in Tabs", I starting just linking to my Favorites page and then manually and individually clicking the links in my Favorites page on this site, to open up each addon in it's own tab. In this manner, I can then continue on to review each addon, it's forums, and of course, check for any news or updates to the addon itself. After review, I close out the tab, and the next tab appears for me to continue my process.

However, what I find is that again, there must be an approximately four or five second pause between opening individual pages. I've timed it, and yes there is some variance (sometimes as low as about 2 seconds, and sometimes - especially if the entitled page error appears one time - I can end up waiting and reloading unsuccessfully for quite a while before I can get past the Flood-O-Meter).

Addon page (and general forum?) << < > >> 1 2 3... Page navigation links:

I ran into the entitled flood warning actually just trying to use forward/back first/last addon portal topic navigation links. I presume that any page at all that comes from the AddOns tab linked on the home page is filtered/checked/vetted by the Flood-O-Meter.

Now, I must say, I am getting old and I cannot possibly be the fastest web link clicker in the world - and I know that I am not as fast or furious as some auto-updater leeching bits off your site. So, I think that even if we come to learn or agree that how I would prefer to navigate the site in my first two scenarios is 'bad' in some way, I think that this last scenario of just 'normal' site page navigation points to some potential for fine-tuning the flood control methods used by WoWI.

Some hopefully useful feedback... hope you see it as such.

Thanks!


P.S. I tend to focus on the negatives because IRL I'm a glass half-empty person. This shouldn't mean that I don't see absolutely great things about this site, or about a given addon that I may comment on. I should put this statement in my signature because as a glass-half-empty person, it's a real hassle to keep letting WoWI folks know that I still love them.

[Dolby]

"Request block, This is to stop flooding of our server."

This was enabled to keep our site alive during patch week. Our 1 main httpd server couldnt handle all the page requests. We are working to scale our server setup for the next big patch day.

The main reason we couldnt handle it was because wowmatrix would slam our fileinfo pages to parse them for the version info and download link. With people having 50+ addons and thousands using it every time before they load wow our poor server was having major trouble. So we added some flood control that wouldnt affect the majority of the people using our site.

[Vranx]

Originally Posted by Dolby "Request block, This is to stop flooding of our server." So we added some flood control that wouldnt affect the majority of the people using our site.

I must not be in the majority, it was driving me crazy, to the point where I actually went to Curse instead. It stinks that wowmatrix is killing the site, isnt there a way to block their IP from accessing the files?

[Dolby]

No, its when wowmatrix is used. Every one of their users has a different IP and their program has a random user agent.

I had to re-enable the flood control again, trying to figure out my options.

[Petrah]

Is that what was happening earlier (lots of site hits, or floods from WM)? I could not get this site to load quickly for anything in the world. Now it's loading just fine.

[Dolby]

yes, wowmatrix hammers our file info page acting like a ddos attack.

[Aesir]

Originally Posted by Dolby I had to re-enable the flood control again, trying to figure out my options.

The reason I'd tried to get very detailed about how I use the site was to (hopefully) provide a way to figure out some distinguishing factor between a human at the keys and a wowmatrix client.

I know the reason the flood control is in place, I'm just trying to help find a way to get that perfect balance. My guess is that you are as well.

Thanks for the responses.

[Duugu]

Did you ever thought about a system with captchas and dynamic generated download links?

[Aesir]

Originally Posted by Duugu Did you ever thought about a system with captchas and dynamic generated download links?

I know it seems an obvious solution, but I happen to fail at captcha images more than half the time, and I don't think I'm alone.

But there is a system that appears to work as well or better, and doesn't involve obfuscated images. I don't know what it is called, but it displays a question in clear text, e.g., "What is 11 + 4" ** and a person inputs the answer. That wouldn't be horrible. Captcha images are hell though.


** or
Q: "What is your favorite colour?"
A: "blue... no, green!" Aaaaaiiieey!!

[Seerah]

Originally Posted by Aesir ** or Q: "What is your favorite colour?" A: "blue... no, yellow!" Aaaaaiiieey!!

fixed

edit: I have seen that before, Aesir - anther good idea.


We have thought of both ideas, Duugu. We're figuring out what's best for the site atm, to not burden users.

[Shirik]

Originally Posted by Duugu Did you ever thought about a system with captchas and dynamic generated download links?

While this is an obvious solution, it's also a solution that would be against what we prefer due to the extra burden it places on the users. The objective here is to find a resolution without actually impacting the frequent users of the site that we <3 so much

[Duugu]

Q: "What is your favorite colour?" A: "blue... no, yellow!" Aaaaaiiieey!!

...
roflol

[Dolby]

It may have to come down to something like that, however I've been trying to avoid that.

[Duugu]

Originally Posted by Shirik While this is an obvious solution, it's also a solution that would be against what we prefer due to the extra burden it places on the users.

Sure. There are drawbacks.

Could a better system be something with user sessions and a single captcha for every new session?

[Elloria]

Really the extra step to type in a few letters or click something before i download something would not be a burden, more of a friendly reminder that the site is blocking out the bad guys

[dafire]

Before you add captchas or stuff like that I'd rather enforce people to login before downloading.. or just add captchas to logged out people

[Yhor]

Originally Posted by dafire Before you add captchas or stuff like that I'd rather enforce people to login before downloading.. or just add captchas to logged out people

This seems like the most reasonable request to me; imo, I think people are starting to flock here regardless of 'ease of use' on a website, due to the security that WoWI has shown in keeping us safe(r) than the rest.

[Vyper]

Another (possibly temporary) solution it seems to me would be to place a cookie. No cookie, no download service. Its most easy accomplished along side dynamic download links, but it can be done even within apache, not allowing access to a direct download unless a cookie is enabled.
To make it more clear:

1. User visits a WoWI page, and it places an authentication cookie. This is where I suspect WoWMatrix fails, though they might come up with a solution in short order.
2. Assuming your using apache (if your using IIS your on your own) downloads are now hosted in a separate virtual host/alias which requires cookie authentication. (there are a couple modules that provide this). Voila!

I suspect this would at least slow them down for a little while. A somewhat more complex scheme could possibly solve the problem on a more permanent basis.

[Burgestrand]

Depending on the user base you could use a javascript solution. I highly doubt that any updating client to date will parse and execute javascript. Although I haven't done any testing.

Then again, that's only viable if a lot of your users have javascript enabled. For those who hasn't, a more brutal check would be appropriate (captcha, logic images, whatever) to “block” it.

Just a suggestion.

PS: Lighty has a secure download module (similar to what Vyper suggested). I don't think that approach would be effective, though, as cookie validation is extremely simple to implement in a downloader: use CURL (which I suspect some downloaders already do) and turn on cookie support.

[Aesir]

Just an update for feedback from my original post.

Haven't seen the problem outside of when WoWI switches to what I hear others term as, "low-bandwidth mode" for when the site is hit hard on patch days or what-not.

I'd also like to back-track on any ideas/suggestions with respect to anything relating to captchas or anything similar that requires additional key/mouse inputs to validate a connection. Reason being, that's a cure that is probably worse than the disease.

In any case, the point of the OP was more to provide feedback on when the issue appeared for 'regular users', with the hope that things could be tweaked to account for such situations. Thanks for the responses, WoWI team (and everyone).