archethic-node
Invalid request limit using api /aeweb
Describe the problem you discovered
When we use aeweb to host a website, we can access it using the API "https://testnet.archethic.net/aeweb/[genesis]/". Also, to protect the nodes against DDoS attacks, there is request rate limiting on the endpoint. There is a difference between the "/aeweb" endpoint, which allows 500 requests/sec, and other endpoints, which allow 20 requests/sec.
For some reason, when a website is loaded from the "/aeweb" API, some resources are loaded without the API in the URL, i.e. the browser should request "https://testnet.archethic.net/aeweb/[genesis]/image.png" but it requests "https://testnet.archethic.net/image.png". To solve this issue, the node looks at the "referer" value in the request headers and can retrieve the "/aeweb/[genesis]" value and then redirect the request to the right URL, so the user receives the expected file they asked for.
But the problem is that the referer lookup is not done under the "/aeweb" endpoint, so it is limited to 20 requests/sec and the user cannot load the file, as they receive a 429 Too Many Requests response.
Describe the solution you'd like
The lookup for the "referer" header should be done before being limited by the 20 requests/sec.
Epic
No response
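The ordering requested above, modeled as an added example (not code from the archethic-node project): the Referer is resolved first, then the rate-limit bucket is chosen from the resolved path. The function names, the fixed-window limiter, the hex genesis pattern and the sample values are assumptions; because Referer is client-supplied, the sketch only honors one that points at the same host's "/aeweb" tree.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

AEWEB_LIMIT = 500    # requests/sec on /aeweb, as stated in the issue
DEFAULT_LIMIT = 20   # requests/sec on other endpoints, as stated in the issue
# Assumption: a genesis address is a hex string; adjust to the real format.
AEWEB_PATH = re.compile(r"^/aeweb/([0-9A-Fa-f]+)(?:/|$)")

def resolve_path(path, referer, host):
    """Rewrite a root-relative path to /aeweb/<genesis>/... using Referer."""
    if AEWEB_PATH.match(path) or not referer:
        return path
    ref = urlsplit(referer)
    m = AEWEB_PATH.match(ref.path)
    # Referer is client-controlled: accept it only for this host's /aeweb tree.
    if ref.netloc != host or m is None:
        return path
    return f"/aeweb/{m.group(1)}{path}"

class Limiter:
    """Fixed one-second window counter (old windows are not purged here)."""
    def __init__(self):
        self.counts = defaultdict(int)

    def allow(self, client, bucket, limit, now):
        key = (client, bucket, int(now))
        self.counts[key] += 1
        return self.counts[key] <= limit

def handle(limiter, client, path, referer, host, now):
    """Return (status, effective_path); resolution runs before limiting."""
    effective = resolve_path(path, referer, host)
    if AEWEB_PATH.match(effective):
        bucket, limit = "aeweb", AEWEB_LIMIT
    else:
        bucket, limit = "default", DEFAULT_LIMIT
    status = 200 if limiter.allow(client, bucket, limit, now) else 429
    return status, effective

def simulate(n, referer, host="testnet.archethic.net"):
    """Send n asset requests within one second; count the 429 responses."""
    limiter = Limiter()
    client = "203.0.113.7"  # constructed client address
    statuses = [handle(limiter, client, f"/img{i}.png", referer, host, 0.0)[0]
                for i in range(n)]
    return statuses.count(429)
```

With a constructed Referer of `https://testnet.archethic.net/aeweb/00AB/index.html`, 100 asset requests in one second all pass, while the same burst without a Referer hits the 20 requests/sec limit.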