Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Protect against ddos
I just do not know how to disable the alert message
http/1.1 429 too many requests
It shows twenty times one over the other.
Besides everything looks fine.
So it was easy to suppress the exception message

procedure TIWUserSession.IWUserSessionBaseCreate(Sender: TObject);
   (all lines of the procedure)
      // silent exception
The question remains.... I don't know what are the requests that are bombing your application. Before trying to solve the problem you first need to understand what is happening. Then we can proceed.
I do not think it matters to explain the situation. I set
ServerController.LogSessionEvents to TRUE and got log file with illegible content. Anyway test
as I suppose, accidently simulates a regular DoS attack. They open many sessions within a short time and do not close them. Indy has a built in procedure to deal with it and automatically refuses too many requests within a short time period as test returned some sites indicating my app unaccessability. Only about 30 sites answered that my app was accessible, and I had not done anything in the code to limit the number of customers who got a response that my site was accessible.

But later the intraweb server worked fine and answered requests in a normal way. So it not a problem with intraweb.

When I have tried another test at
they work in a different way. They send something like "ping" or a similar request because open session is closed immediately when they have got a response from intraweb app.
Hi, i tested my site and everything goes ok. I will recommend you change to http.sys.


Please make the log file generated available via Dropbox or G-drive and send me an email with a link so I can download it. 

The log file is a binary file (not text) and can be read with our tool:

I can check your log file and find out what exactly is happening with your application.

Regarding Indy. I've already created 4 or 5 *thousand* sessions in less than 1 minute and never had any issues like that. In a stress test application I usually create 2K sessions within a few seconds and it works fine.
I have not had the time yet to do the test. Anyway the alert message did not appear in the earlier versions of intraweb.

I have moved the server app to a fast connection VPS and it seems to have helped to a degree.
Besides, there is on interesting thing.
When I use
I get error connection (red answer on the test)
whereas while using
WebApplication.Terminate('server overloaded')
returns no errors (all green answers)
This message comes from Indy, not IW. I doubt very much that this is related to IW version, because Indy hasn't changed lately and IW has no control over the number of incoming requests.
If Indy says that you are receiving too many requests, you probably are.
This does not look like an Indy error. I think you have a forced proxy and that the issue is from your provider. Possibly a DDOS intervention or load restrictor.

I dont remember Indy having any such code and I just did a quick search on HTTP server and I dont see any usage of error 429.
Yes, you are right. I couldn't find anywhere in Indy where it responds with 429. It comes from somewhere else.

Besides that, as I already pointed out in another thread regarding this same subject, I can easily create 5000 sessions or more in less than 30 seconds using jMeter as I do in stress tests and it just works, using any IW application with Indy server. No problems at all.

Forum Jump:

Users browsing this thread: 1 Guest(s)