search

docker / hub-feedback

Feedback and bug reports for the Docker Hub
https://hub.docker.com
232 stars 40 forks source link

Please remove IP from blacklist #2242

Closed frankp-squire closed 2 years ago

frankp-squire commented 2 years ago

Hello,

Can you please check for any block/blacklisting of 54.151.48.213? This is the EIP on our NAT Gateway. Thanks very much in advance!

Frank

ingshtrom commented 2 years ago

Can you please provide move information surrounding what error you are experiencing that makes you think you are being blocked?

frankp-squire commented 2 years ago

It is a bit of an assumption on my part that we are blacklisted. We are getting the toomanyrequests: You have reached your pull rate limit. message, even though there should be no pull requests from this VPC (aside from the hosts currently in question).

For some more context, I'm trying to deploy the base/sample docker application with Elastic Beanstalk, provided by AWS. As part of that initial deployment, it apparently pulls an image(s) from Docker Hub, but fails due to the rate limit. I'm wondering if whoever had that public IP previously had abused it?

Thanks again for the help.

ingshtrom commented 2 years ago

There seems to be multiple things going on behind the IP you provided, but let me share some background about rate limiting and then I will detail the issue you are seeing.

Firstly, the error you posted of toomanyrequests: You have reached your pull rate limit is an error message from the Docker Hub Rate Limiting we rolled out in November 2020. Each unauthenticated client gets 100 image pulls from Docker Hub per 6-hour time window. If you authenticate your image pull to Docker Hub then you get 200 image pulls (even on a Personal Plan). Once you have a Pro/Team/Business plan and you authenticate your requests, then you receive unlimited image pulls (up to our anti-abuse policies).

Now to the specific error message you are getting. When I look at the IP you provided, I see a lot of unauthenticated requests and then a lot of rate-limited requests for May 24th (yesterday as of this writing).

image

The same thing is continuing to happen today, so I don't think it is a bad public IP that you inherited: image

They seem to be for the image prefecthq/prefect:0.15.13-python3.8. Does that ring a bell?

If so, I recommend modifying whatever script you have to fail when the request errors (the 401 errors) and backoff when a 429 response code is received.

I hope this information helps!

frankp-squire commented 2 years ago

Thank you- this is extremely helpful. We definitely have a problematic script that needs to be shut down. Thanks again!