myetherapi icon indicating copy to clipboard operation
myetherapi copied to clipboard
verified publisher icon MyEtherWallet

web3 preflight options request blocked by Cloudflare

Open imaibou opened this issue 8 years ago • 6 comments

When trying to use the API in browser via web3.js, no call is being processed by myetherwallet. After investigation, it turn out that the OPTIONS request made by the browser to check CORS support is not getting passed to the MyEtherWallet API endpoint, and is instead blocked by the Cloudflare server. Following is the OPTIONS request and the corresponding CloudFlare response:

Request:

OPTIONS /eth HTTP/1.1 Host: api.myetherapi.com Connection: close Access-Control-Request-Method: POST Origin: null User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2837.0 Safari/537.36 Access-Control-Request-Headers: content-type Accept: / Accept-Encoding: gzip, deflate Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4

Response:

HTTP/1.1 403 Forbidden Server: CloudFront Date: Tue, 05 Dec 2017 10:03:40 GMT Content-Type: text/html Content-Length: 555 Connection: close X-Cache: Error from cloudfront Via: 1.1 d7d3ef7b74c87e295676d270227068b9.cloudfront.net (CloudFront) X-Amz-Cf-Id: DDvrcDeSkZnlXMvMnrbqXQmdh51Z5oKIsTFm0sWR9Ri8DlZ1YoeG3g==

ERROR: The request could not be satisfied ERROR The request could not be satisfied.
Request blocked. 
Generated by cloudfront (CloudFront)
Request ID: DDvrcDeSkZnlXMvMnrbqXQmdh51Z5oKIsTFm0sWR9Ri8DlZ1YoeG3g==

imaibou avatar Dec 05 '17 10:12 imaibou

It appears that myetherwalletapi config blocks certain regions / IP ranges from accessing it.

freeatnet avatar Jan 07 '18 18:01 freeatnet

If you hit over 200 requests / minute, you'll be blocked for ~1hr, regardless of region.

tayvano avatar Jan 08 '18 07:01 tayvano

@tayvano Fairly sure I did not issue over 200 rpm at any point. Can you confirm? https://gist.github.com/freeatnet/a1f8c085617a2d30862e5c97cefc80b2

freeatnet avatar Jan 08 '18 07:01 freeatnet

@tayvano And again today. Please check into it.

freeatnet avatar Jan 10 '18 00:01 freeatnet

Was blocked just after 5 minutes...

ERROR The request could not be satisfied. Request blocked. Generated by cloudfront (CloudFront) Request ID: z58hYuLjQNPnO-j1pp6sR-ud8_zL8NZeVrVTVp9KKcocgZjjS154Tw==

Where i can read limits?

Fi1osof avatar Feb 04 '18 19:02 Fi1osof

For what it is worth I just had this happen to me, the source for me appears to be the example index.html that comes with myetherapi, it "monitors" all transactions and seems to refresh pretty quickly. Might want to add some type of warning that the example can get you blocked from the main api within a few minutes.

Tenareth avatar Feb 12 '18 19:02 Tenareth