You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Say someone configures max 100 actions per visit to be allowed, and the current visit reached > 100 actions, then we block this IP for future tracking requests for up to 24 hours.
We could also directly delete this visit (and potentially delete all visits from that IP from the same day). It be easy to develop but not doing it for now as you could misuse it potentially to delete visits if eg HTTP headers are used to detect IP etc. It may be fine though maybe when no proxy headers are used or so.
Depending how often this happens could also include a link in the email to the visitor profile or so and then user could decide to delete that visit once this feature is available. Requires manual work though.
The text was updated successfully, but these errors were encountered:
fyi I just realise it may be difficult to delete the visit automatically. Like what would potentially happen is:
visit reaches say 500 actions
usually we would simply stop tracking further actions but now we would (optionally) delete the visit completely from the DB
spammer sends another request
we would create a new visit and start tracking these actions again
To prevent this problem we could instead delete visits in a task say every X hours or once a day and only delete "finished visits" where the last action was more than 30 minutes ago (or whatever is configured as visit length for creating new visits). This way it be also generally better because it would mean we wouldn't need to invalidate existing reports every time a single visit is deleted.
Alternatively, we could of course do a soft delete but this would require a DB schema change on the log table which we do only for major release updates because they take so long. Yet another way be to put configId/visitorId temporarily on a "not allow" list
Say someone configures max 100 actions per visit to be allowed, and the current visit reached > 100 actions, then we block this IP for future tracking requests for up to 24 hours.
We could also directly delete this visit (and potentially delete all visits from that IP from the same day). It be easy to develop but not doing it for now as you could misuse it potentially to delete visits if eg HTTP headers are used to detect IP etc. It may be fine though maybe when no proxy headers are used or so.
Depending how often this happens could also include a link in the email to the visitor profile or so and then user could decide to delete that visit once this feature is available. Requires manual work though.
The text was updated successfully, but these errors were encountered: