SDFIdk / dawa-autocomplete2

DAWA Autocomplete2 is a JavaScript component which makes it possible to enter a Danish address in a single input field.
MIT License
14 stars, 5 forks

This script is DDoS'ing DAWA servers to hell #5

Closed Montago closed 1 year ago

Montago commented 2 years ago

Everywhere this script is deployed, the address lookup isn't working. And the reason is quite obvious.

This script calls the DAWA API on EVERY keypress. Not only that, the default is to retry 2 times per second if the server isn't answering.

Within a minute of waiting, every visitor of every site that has this script sends 120 requests to DAWA.

This needs to be fixed ASAP.

May I suggest that the defaults are:

DocDemar commented 2 years ago

The things you describe are all features of a functional typeahead search.

Montago commented 2 years ago

What do you mean?

Are these issues fixed and published already?

DocDemar commented 2 years ago

I don't think we have experienced the things you describe as problems. The servers are very seldom unreachable for more than a few seconds, so the server will almost always answer a request within seconds, so the 120 requests should never reach DAWA. We have never experienced any DDoS-like situation. Autocomplete might be sending 120 requests if something goes wrong on the request's way to DAWA.

Could you please elaborate on what you think is a problem here?

Montago commented 2 years ago

Yesterday I wanted to find a fiber provider using the address lookups of the providers on these sites: https://tdcnet.dk/fiber/udbydere/ . NONE of them worked.

About half of them use this DAWA API to do the lookup; the rest have probably created their own UI but use DAWA in the backend.

Similarly, I've never succeeded at creating a profile in my badminton club: https://grevebadminton.dk/ because it's also using this API.

And in all cases where this API is used, I noticed that the autocompleter is sending a request for every textchanged event + endless retries.

This WILL result in DDoS and cause the service to malfunction.

Montago commented 2 years ago

https://www.dansknet.dk/ address lookup doesn't work at the moment, and neither does grevebadminton.dk.

iamfrank commented 1 year ago

We can probably introduce a debounce function in the UI to lessen the amount of API pings. This is pretty low on the priorities list, though, and will also depend on the update schedules of the services mentioned.
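The two request policies discussed in this thread (the reporter's "one request per keystroke, retried 2 times per second until the server answers" and the debounce proposed in the comment above) can be compared offline. The following is an added example, not code from dawa-autocomplete2 or from anyone in this thread: a debounce wrapper, a bounded exponential-backoff retry that also drops a chain whose query has been superseded, and a simulation of one visitor typing an address against a backend stub that is unreachable until a chosen time. Everything here is assumed for illustration: the names `FakeClock`, `debounce`, `requestWithBackoff` and `simulate`, the 300 ms debounce, the 4-attempt / 500 ms-to-2 s backoff, and the `backend` stub (no real DAWA endpoint is called). The address text is constructed sample input.

```javascript
// Added example (not part of dawa-autocomplete2): debounced lookup with bounded,
// backed-off retries, simulated against a fake clock so request counts for the
// "naive" and "hardened" policies can be compared offline. All names and the
// backend stub are assumptions made for this example.

class FakeClock {
  constructor() { this.now = 0; this.timers = []; this.nextId = 1; }
  setTimeout(fn, ms) {
    const id = this.nextId++;
    this.timers.push({ id, at: this.now + ms, fn });
    return id;
  }
  clearTimeout(id) { this.timers = this.timers.filter((t) => t.id !== id); }
  // Run every timer due up to and including now + ms, in time order.
  advance(ms) {
    const end = this.now + ms;
    for (;;) {
      this.timers.sort((a, b) => a.at - b.at || a.id - b.id);
      const next = this.timers[0];
      if (!next || next.at > end) break;
      this.timers.shift();
      this.now = next.at;
      next.fn();
    }
    this.now = end;
  }
}

// Collapse a burst of input events into one call, waitMs after the last one.
function debounce(fn, waitMs, clock) {
  let pending = null;
  return (...args) => {
    if (pending !== null) clock.clearTimeout(pending);
    pending = clock.setTimeout(() => { pending = null; fn(...args); }, waitMs);
  };
}

// Retry a failing request at most opts.maxAttempts times with exponential
// backoff capped at opts.maxDelayMs, then give up and report the error instead
// of hammering the server forever. isCurrent() lets the caller abandon a chain
// whose query has been superseded by newer input.
function requestWithBackoff(send, opts, clock, isCurrent, onDone) {
  let attempt = 0;
  const tryOnce = () => {
    if (!isCurrent()) return;
    attempt += 1;
    send((err, result) => {
      if (!err) return onDone(null, result, attempt);
      if (attempt >= opts.maxAttempts) return onDone(err, null, attempt);
      const delay = Math.min(opts.maxDelayMs, opts.baseDelayMs * 2 ** (attempt - 1));
      clock.setTimeout(tryOnce, delay);
    });
  };
  tryOnce();
}

// Simulate one visitor typing `text` one character every typingIntervalMs
// against a backend stub that is unreachable until upAt (ms). Returns how many
// requests the chosen policy sends within windowMs and the last result seen.
function simulate({ text, typingIntervalMs, windowMs, upAt, policy }) {
  const clock = new FakeClock();
  let requests = 0;
  let lastResult = null;
  const backend = (query, cb) => {           // stand-in for the address API
    requests += 1;
    if (clock.now < upAt) cb(new Error('unreachable'));
    else cb(null, `${query}: matches`);
  };

  let handler;
  if (policy === 'naive') {
    // One request per keystroke, each retried every 500 ms until it succeeds.
    handler = (query) => {
      const attempt = () => backend(query, (err, res) => {
        if (err) clock.setTimeout(attempt, 500);
        else lastResult = res;
      });
      attempt();
    };
  } else {
    let generation = 0;
    const opts = { maxAttempts: 4, baseDelayMs: 500, maxDelayMs: 2000 };
    handler = debounce((query) => {
      const gen = ++generation;
      requestWithBackoff((cb) => backend(query, cb), opts, clock,
        () => gen === generation,
        (err, res) => { if (!err) lastResult = res; });
    }, 300, clock);
  }

  for (let i = 0; i < text.length; i++) {
    clock.setTimeout(() => handler(text.slice(0, i + 1)), i * typingIntervalMs);
  }
  clock.advance(windowMs);
  return { requests, lastResult };
}

// Constructed input: a 15-character address typed at 100 ms per key, observed
// for 10 s while the backend never comes back.
const typing = { text: 'Rådhuspladsen 1', typingIntervalMs: 100, windowMs: 10000 };
const naiveDown = simulate({ ...typing, upAt: Infinity, policy: 'naive' });
const hardenedDown = simulate({ ...typing, upAt: Infinity, policy: 'hardened' });
```

With the backend down, the naive policy keeps fifteen retry chains alive and sends 288 requests in ten seconds from a single visitor, while the debounced, bounded policy sends four and then stops; when the backend is healthy the naive policy still sends one request per keystroke and the hardened one a single request for the final text. The generation check also prevents a late answer for an old prefix from overwriting the suggestions for the current one.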

Montago commented 1 year ago

So, after contacting DAWA support, it was explained to me that the problem was neither the servers nor the script.

Apparently my firewall / antivirus is blocking the DAWA Let's Encrypt certificate, which prevents connecting to their systems.

I'm using the company-issued ESET Endpoint Security, in case you are wondering.

Sorry about this ticket :D It seemed so obvious that 1000s of computers pinging 2 times a second would DDoS the backend, but alas, I was wrong.