Fastly Rate Limiting not working with Graphql #504
Comments
Merchant current protected paths setting: https://nimb.ws/1dFLIN
We are looking into it.
dpotkoc added a commit to favicode/fastly-magento2 that referenced this issue on Feb 10, 2022
Hi Team,
This has been fixed in version 1.2.179. Please update the plugin and retest.
MickaelDatadome pushed a commit to DataDome/fastly-magento2 that referenced this issue on Oct 5, 2023
MickaelDatadome added a commit to DataDome/fastly-magento2 that referenced this issue on Oct 5, 2023
Fix unset req.http.graphql fix typo (fastly#464) fix Fastly const value ti int value fastly#466 fix plugin annotation fastly#466 fix fastly#466 fixing old value in core_config_data fastly#466 fix type check in Image (fastly#472) fix config save - image optimization fastly#476 Fix ambiguous behavior in Blocking toggle (fastly#479) Fix type check (fastly#483) Fix bugs in upadte backend dialog (fastly#487) Fix for: GetUpdateFlag call flushes all configuration fastly#499
Fix for fastly#504 fix for fastly#520 fixing duplicate line reported under issue#518 Fix fastly#393 fix fastly#393 Fix javascript fastly#544 fix fastly#551 fix getImageOptimization - Deprecated Functionality: explode(): Passing null to parameter #2 fix for fastly#549 as submitted by customer
The Merchant enabled Fastly Rate Limiting on the environment and set it up for graphql requests but it doesn't appear to be working for the graphql request.
It was set to block after 10 requests in 180 seconds (5 minutes) for the path /graphql, and it doesn't get blocked using this URL: https://mcstaging.toyota.com/graphql?query={category(id:2){children{name,url_path}}}
Several permutations for the regex path were tried, but none of these are working either: /graphql(.), ^/graphql, ^/graphql(.), (.)/graphql(.)
Rate limiting was proven to work on category pages with regex for path = (.)/catalog/category(.), so Fastly seems to be set up properly.
https://mcstaging.toyota.com/default/catalog/category/view/s/parts/id/379/
When checking the header responses for that graphql request, a cache miss is returned:
curl https://mcstaging.toyota.com/graphql -G -d "query={category(id:2){children{name,url_path}}}" -vo /dev/null -H Fastly-Debug:1
< x-cache: MISS
< x-cache-hits: 0
According to the documentation, this should be cached: https://devdocs.magento.com/guides/v2.4/graphql/caching.html
Fastly will only cache GET requests that contain a query parameter in the request URL.
If the same is done for the category page, a cache hit is returned:
curl https://mcstaging.toyota.com/default/catalog/category/view/s/parts/id/379/ -vo /dev/null -H Fastly-Debug:1
< x-cache: MISS, HIT
< x-cache-hits: 0, 1
With the Fastly rate limit logging enabled, these entries are returned when hitting the category page but not the graphql requests:
[2022-02-07 16:16:16] report.INFO: First tag hit during a window. Starting the counter for: "fastly_rl_sensitive_path__174.204.5.87 [] []
[2022-02-07 16:16:41] report.INFO: Hit inside enforcement window: "fastly_rl_sensitive_path__174.204.5.87" Count: 5/10 Window length: 25 secs/180 [] []
Note: Different graphql requests were tried but returned the same results (AKA cache misses with nothing reported in the Fastly rate limit log).
Please advise on whether the rate-limiting feature works with graphql queries.
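The rate-limit log check described in the report above, as an added example that is not part of the original issue or of the fastly-magento2 code: it parses the two entry shapes quoted in the report and lists client IPs whose test requests never started a counter, which is the symptom reported for /graphql. The sample lines, the IP addresses and the function names are constructed for illustration.

```python
import re

# Entry shapes copied from the two log lines quoted in the issue. The closing
# quote after the tag is optional because the first quoted entry lacks it.
START = re.compile(
    r'^\[(?P<ts>[^\]]+)\] report\.INFO: First tag hit during a window\. '
    r'Starting the counter for: "(?P<tag>[^"\s]+)"?')
HIT = re.compile(
    r'^\[(?P<ts>[^\]]+)\] report\.INFO: Hit inside enforcement window: '
    r'"(?P<tag>[^"\s]+)"? Count: (?P<count>\d+)/(?P<limit>\d+) '
    r'Window length: (?P<elapsed>\d+) secs/(?P<window>\d+)')

# Constructed sample lines (documentation IP range), not real log output.
TAG = "fastly_rl_sensitive_path__203.0.113.7"
SAMPLE = [
    '[2022-02-07 16:16:16] report.INFO: First tag hit during a window. '
    'Starting the counter for: "' + TAG + ' [] []',
    '[2022-02-07 16:16:41] report.INFO: Hit inside enforcement window: "'
    + TAG + '" Count: 5/10 Window length: 25 secs/180 [] []',
    '[2022-02-07 16:17:02] report.INFO: Hit inside enforcement window: "'
    + TAG + '" Count: 10/10 Window length: 46 secs/180 [] []',
]

def summarize(lines):
    """Return {tag: latest counter state} for every rate-limit tag in the log."""
    state = {}
    for line in lines:
        if m := START.match(line):
            # A new window opens; count and limit are unknown until a "Hit" entry.
            state[m["tag"]] = {"started": m["ts"], "count": None, "limit": None,
                               "elapsed": 0, "window": None}
        elif m := HIT.match(line):
            entry = state.setdefault(m["tag"], {"started": None})
            entry.update({k: int(m[k]) for k in ("count", "limit", "elapsed", "window")})
    return state

def at_limit(state):
    """Tags whose last logged count reached the configured limit."""
    return sorted(t for t, s in state.items()
                  if s.get("count") is not None and s["count"] >= s["limit"])

def uncounted_clients(state, client_ips):
    """Client IPs that sent test requests but never started a counter.
    Assumes the tag ends in "__<client ip>", as in the quoted entries."""
    seen = {tag.rsplit("__", 1)[-1] for tag in state}
    return [ip for ip in client_ips if ip not in seen]

if __name__ == "__main__":
    st = summarize(SAMPLE)
    print(st, at_limit(st), uncounted_clients(st, ["203.0.113.7", "198.51.100.9"]))
```

Feeding it the log captured during a test run, together with the IPs the test requests came from, shows whether a protected path was ever counted before looking at the block response itself.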