docker / hub-feedback

Feedback and bug reports for the Docker Hub
https://hub.docker.com

Blocked ip #2207

Closed jeeloo closed 2 years ago

jeeloo commented 2 years ago

Problem description

It seems that one or more of the public IPs that we have at my company is being blocked on Docker Hub. We have an account that we are using in Artifactory to mirror Docker Hub internally, but one of our instances is getting blocked now and then when we try to fetch anything from https://registry-1.docker.io. It still works from another instance, so my conclusion is that the IP keeps getting blocked. I have not been able to figure out what is going on on our end yet. Can you see anything from your side?

docker info output

Docker Info:

Debug Information

Browser name and version:

URL:

Timestamp or time range:

Public IP: I think it is most likely this one -> 88.205.110.4

155.190.35.4 155.190.35.5 155.190.35.6 155.190.35.7 155.190.36.7

Hub Username: admindockerhub

Error messages (on screen or in browser console)

Screenshots of the issue (if applicable)

Task List

ingshtrom commented 2 years ago

Here is a CSV of 429 response codes we have received from the IPs you listed. Hopefully this helps narrow it down a bit: 2207-429s-2.9.22.csv

jeeloo commented 2 years ago

Thanks, I think I have stopped the main offender in the list but it seems we are still getting blocked. Can you provide some data for the last 24 hours that shows what is causing the block on your end?

ingshtrom commented 2 years ago

This is from 2/10/22 1400 UTC - 2/11/22 1400 UTC.

It seems to have gone down dramatically since the first queries, so you are definitely getting close!

jeeloo commented 2 years ago

What are the criteria for getting a 429 or being blocked? From what we can tell it is only the server "Artifactory/7.31.10 73110900" in your list that is getting blocked; the other one seems to be working just fine even though it shows up in your list.

ingshtrom commented 2 years ago

Here is the same data that I sent you a couple hours ago, but with a backend_name column.

If the backend_name column says registry_auth, then the request provided an invalid username + password combination and is being rate limited due to incorrect authentication credentials. This has a cooldown period of 10 minutes and it is per-username, not per IP.

If the backend_name column says 429_ratelimit_registry_pulls, then the request is hitting our Docker Hub Registry pull rate limiting, as explained in our documentation. These are attached to a username or IP, depending on how the client is authenticated. If the client is using a logged in user as authentication, then it will be per-username. If the client is anonymously authenticating, then it is per-IP. These are calculated on a rolling-time-window of 6 hours, so you can easily hit the limit, back off for a bit, and continue working just fine. That could explain why it seems those clients are not having issues.

We also have anti-abuse rate limits. You are not hitting those and we do not publish the numbers for those rate limits.
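The distinction drawn in the comment above can be applied to such an export mechanically. The following is an added example, not part of the original thread or Docker's tooling: it splits 429 rows by `backend_name` and counts them against the identity each limit is keyed on. Only the `backend_name` column and its two values come from the thread; the other column names and all sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample data. Column names other than backend_name are assumptions
# about what such an export might contain; IPs are documentation addresses.
SAMPLE_CSV = """timestamp,client_ip,username,user_agent,backend_name
2022-02-10T14:05:00Z,192.0.2.10,mirror-svc,Artifactory/7.31.10 73110900,registry_auth
2022-02-10T14:06:00Z,192.0.2.10,mirror-svc,Artifactory/7.31.10 73110900,registry_auth
2022-02-10T15:00:00Z,192.0.2.11,,docker/20.10.12,429_ratelimit_registry_pulls
2022-02-10T15:01:00Z,192.0.2.11,,docker/20.10.12,429_ratelimit_registry_pulls
2022-02-10T16:00:00Z,192.0.2.12,ci-user,docker/20.10.12,429_ratelimit_registry_pulls
"""


def triage_429s(csv_text):
    """Return (auth_failures, pull_limited, other) counters for a 429 export.

    auth_failures: keyed by (username, user_agent); these point at stale or
                   wrong credentials and are throttled per username.
    pull_limited:  keyed by ("user", name) for authenticated pulls or
                   ("ip", address) for anonymous pulls.
    other:         any backend_name not described in the thread.
    """
    auth_failures, pull_limited, other = Counter(), Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        backend = row["backend_name"].strip()
        user = row["username"].strip()
        if backend == "registry_auth":
            auth_failures[(user, row["user_agent"].strip())] += 1
        elif backend == "429_ratelimit_registry_pulls":
            key = ("user", user) if user else ("ip", row["client_ip"].strip())
            pull_limited[key] += 1
        else:
            other[backend] += 1
    return auth_failures, pull_limited, other


if __name__ == "__main__":
    auth, pulls, other = triage_429s(SAMPLE_CSV)
    for (user, agent), n in auth.most_common():
        print(f"bad credentials: user={user!r} client={agent!r} count={n}")
    for (kind, ident), n in pulls.most_common():
        print(f"pull limit: {kind}={ident} count={n}")
    for backend, n in other.items():
        print(f"unclassified backend {backend!r}: count={n}")
```

Rows in the first group call for fixing the credentials configured in the mirror; rows in the second call for authenticating anonymous clients or reducing pull volume.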

jeeloo commented 2 years ago

Thanks for the information, I think we managed to solve the problem on our end now.

ingshtrom commented 2 years ago

Awesome, feel free to re-open or create a new ticket if something comes up again 😄