Woodworking news roundup

Well, it is new to me....

@John in NM,
Does that happen often?

I increased the rate limiting to trigger at 100 requests every 10 seconds.

admin wrote:

@John in NM,
Does that happen often?

I increased the rate limiting to trigger at 100 requests every 10 seconds.

No, first time I've seen it.  I remembered seeing rate limiting in a post title so I went and read it.  Odd all around.

@John in NM,

Thanks for reporting it. This is something that needs to be tuned over time based on real user feedback. If it does trigger, the block only lasts about 10 seconds—just wait a moment and refresh the page.

These days, the vast majority of traffic to most websites is automated rather than human. Well-behaved bots from major search engines like Google and Bing follow established guidelines—they respect crawl rules and space out their requests to avoid overloading servers. Malicious bots, on the other hand, don’t follow those conventions. They may hit a site with hundreds of requests per second, probing for vulnerabilities, scraping data for resale, or engaging in other unwanted activity.

There’s no perfect way to distinguish bots from real users, but one reliable signal is request rate. Humans simply don’t generate hundreds of clicks per second, so rate limiting is an effective way to filter out abusive traffic without causing many false positives.

That said, it’s not entirely straightforward because there’s an important distinction between a page view and a request. A single page view can generate many requests: the initial HTML load, followed by CSS, JavaScript, images, and any AJAX calls. Rate limiting operates on requests, not views. So, for example, opening a gallery page with 100 images could generate over 100 requests for just one page load. If several such pages are accessed in quick succession within a short window (like 10 seconds), it can potentially trigger the limit.

Over the last 30 days, we received 12 million requests, and probably 99% of that is bots. A website with that many requests hitting the origin server isn't going to work on normal hosting services; sites operating at that scale require infrastructure costing thousands of dollars a month and probably a dedicated IT staff.

Running sites through a Content Delivery Network (CDN) to firewall and rate-limit them like we do is practically mandatory nowadays. Actually, the web as a whole simply would not work if not for them.

Details if interested: https://www.woodcentral.com/-/peter/how-cdns-lower-the-cost-of-being-online/

Thanks Peter, it seems there is always something new to learn

@John in NM,

Thanks John, but but after posting I often think to myself, "Peter, this is a woodworking site and no one cares about this stuff!" Problem is, I like explaining things and often don't consider my audience; is this something readers NEED TO know, or MIGHT WANT TO know.

I'll try to do better by considering this, and not hijack topics with long technical explanations on how the site works internally as opposed to actually how to use the site.