Possible race condition observed with autocert

Have you considered issuing a PR to autocert that would do things like:

  • cripple the package if they don't set the email address
  • set a header that would identify the package and version, so you could throttle/block on a firewall level?

I've been meaning to do this, but haven't gotten around to it. If you'd like to do it, please feel free!

Autocert does set a package name already, so that's good. What we want mainly is a fix for the bugs that cause excessive traffic. We do have rate limits in place that prevent autocert from causing production impacts, so this is mainly a matter of preventing it from consuming excess resources uselessly. For instance, even when we block a specific user-agent or IP address, our LB or firewall is still doing a certain amount of work to reject each request. Much better to get things fixed at the source.
