
Cloudflare Ban on `/api/v10/invites` despite staying below ratelimit and not having received `4XX` status?

Open mxcabre opened this issue 1 year ago • 6 comments

Description

My bot logs invitation links sent in chat for statistical tracking. To achieve this, it fetches the server associated with the invitation link to identify invitations pointing to the same server. Recently, my bot was banned from Cloudflare for 24 hours, despite not exceeding the rate limit. The ban occurred after retrieving the 251st invitation within a span of fewer than 10 minutes. All other API routes are functioning correctly, but access to this specific route is blocked for 24 hours.

Steps to Reproduce

  1. Send 250 requests to /api/v10/invites within a 10-minute window. USE VALID INVITE CODES and wait 1 second between each request to prevent 429 responses.
  2. Send one additional request to /api/v10/invites.
  3. Enjoy your Error 1015 ban from Cloudflare even though you haven't received a 4XX status code response.

Expected Behavior

No ban since I haven't received any 4XX status. If there is a specific rate limit for the /api/v10/invites route, it should be clearly documented to prevent unintended bans. Either a defined rate limit bucket for this route should be provided, ensuring bots can manage requests appropriately without triggering a ban, or the ban should be removed altogether, as the current duration of the ban (24 hours) is excessively long for staying within documented rate limits.

Current Behavior

After sending 250 requests to the /api/v10/invites route within 10 minutes, a 1015 Cloudflare ban is triggered on the next request. This ban lasts for 24 hours, even though the bot remains within the documented rate limits. Other API routes remain functional, but access to the /api/v10/invites route is blocked during the ban.

Screenshots/Videos

No response

Client and System Information

Debian 12, discord.js.

mxcabre, Sep 16 '24 14:09

https://github.com/discord/discord-api-docs/issues/6643 is also related. https://github.com/discord/discord-api-docs/issues/1771 could also be related.

mxcabre, Sep 16 '24 14:09

Are you on a shared public IP address? It's possible other applications running on the same IP are causing this https://discord.com/developers/docs/topics/rate-limits#invalid-request-limit-aka-cloudflare-bans

wnelson03, Sep 16 '24 16:09

> Are you on a shared public IP address? It's possible other applications running on the same IP are causing this https://discord.com/developers/docs/topics/rate-limits#invalid-request-limit-aka-cloudflare-bans

No, it's a dedicated server and I have my own ASN. It's a dedicated IP from my ASN range.

PS: The ban only applies to the /api/v*/invites route. All other routes are accessible despite the Cloudflare ban. As a result, my bot is working normally but is just no longer able to retrieve the data from the invitation links.

mxcabre, Sep 16 '24 17:09

did you receive a number of 4XX status codes in those 10 minutes? multiple 4XX errors in a small timespan can lead to this sort of rate limiting

we will not be documenting the rate limits associated with endpoints, please consult this documentation https://discord.com/developers/docs/topics/rate-limits#exceeding-a-rate-limit

afgiel, Sep 16 '24 18:09

> did you receive a number of 4XX status codes in those 10 minutes? multiple 4XX errors in a small timespan can lead to this sort of rate limiting
>
> we will not be documenting the rate limits associated with endpoints, please consult this documentation https://discord.com/developers/docs/topics/rate-limits#exceeding-a-rate-limit

Since the bot attempts to retrieve the invitation data for all invites sent in the chat, some of the invitations were invalid, resulting in 404 errors. Otherwise, I haven't encountered any rate limits. A 24-hour rate limit seems excessive, especially for one that hasn't been documented. Given that the bot is active on many servers, I may need to test up to 200 invitations every 10 minutes. My use case involves statistical analysis of member engagement and displaying the servers most promoted by members.

Update: To clarify, I did not receive any 429 response codes, only a Cloudflare ban. I have no other bots on the server and use my own dedicated IP.

Update 2: I can reproduce the issue with the same valid invite code. There are no 4XX errors, but I'm still encountering a Cloudflare ban. Additionally, the x-ratelimit-remaining header consistently shows 49 for each request.

mxcabre, Sep 17 '24 04:09

> did you receive a number of 4XX status codes in those 10 minutes? multiple 4XX errors in a small timespan can lead to this sort of rate limiting
>
> we will not be documenting the rate limits associated with endpoints, please consult this documentation https://discord.com/developers/docs/topics/rate-limits#exceeding-a-rate-limit

As you mentioned, the provided documentation covers Cloudflare rate limits, typically triggered by invalid HTTP status codes like 4XX.

However, the current invites endpoint imposes a specific rate limit even when no invalid status codes are encountered.

While you've stated that rate limits for individual endpoints won’t be documented, your own documentation indicates that rate limits should be handled using the bucket hash. Unfortunately, this particular rate limit doesn’t follow that convention, lacks a bucket hash, and operates on an unusually long timespan. The limit of 500 requests per 24 hours is extremely restrictive, especially for a bot operating on more than 1,000 servers, with some of them hosting over 50,000 members across ~100 guilds.

RealAlphabet, Sep 30 '24 05:09
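A client-side guard for the situation this thread describes, as an added example that is not part of the issue or any commenter's code: it caches every invite lookup (including 404s) so a repeated code never goes back to `/api/v10/invites`, and it holds the bot under a self-imposed sliding-window budget. `InviteLookupGate`, `simulate` and the default budget of 200 per 10 minutes are assumptions; the only figure taken from the thread is the reporter's observation of a ban on the 251st request within 10 minutes, which is not a documented limit.

```javascript
// Added example. Names and defaults are hypothetical; no Discord API is called here.
class InviteLookupGate {
  constructor({ maxRequests = 200, windowMs = 10 * 60 * 1000, cacheTtlMs = 60 * 60 * 1000 } = {}) {
    this.maxRequests = maxRequests; // self-imposed budget, below the observed 250
    this.windowMs = windowMs;       // sliding window length
    this.cacheTtlMs = cacheTtlMs;   // how long a lookup result is reused
    this.sent = [];                 // timestamps of requests that actually went out
    this.cache = new Map();         // invite code -> { at, result }
  }

  // Decide what to do with an invite code seen at time `now` (milliseconds).
  decide(code, now) {
    const hit = this.cache.get(code);
    if (hit && now - hit.at < this.cacheTtlMs) {
      return { action: 'cached', result: hit.result };
    }
    // Drop timestamps that have left the window, then check the budget.
    this.sent = this.sent.filter((t) => now - t < this.windowMs);
    if (this.sent.length >= this.maxRequests) {
      return { action: 'defer', retryAt: this.sent[0] + this.windowMs };
    }
    this.sent.push(now);
    return { action: 'fetch' };
  }

  // Record every outcome, 404s included, so invalid codes are not re-requested.
  record(code, status, guildId, now) {
    this.cache.set(code, { at: now, result: { status, guildId } });
  }
}

// Replay a list of invite codes, one per `stepMs`, and count the decisions.
// The guild ids recorded here are constructed placeholders.
function simulate(codes, gate, stepMs = 1000) {
  const counts = { fetch: 0, cached: 0, defer: 0 };
  codes.forEach((code, i) => {
    const now = i * stepMs;
    const decision = gate.decide(code, now);
    counts[decision.action] += 1;
    if (decision.action === 'fetch') gate.record(code, 200, `guild-${code}`, now);
  });
  return counts;
}
```

In a bot, a `fetch` decision is where the real invite request would be made, and a `defer` decision means queueing the code until `retryAt` instead of sending it.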