Blocking requests with empty affiliation param
3 views
Skip to first unread message
Liz Krznarich
Aug 2, 2022, 3:31:06 PM8/2/22
to ROR Tech Support
Hi all,
We have seen a very large increase in invalid requests with either an empty affiliation parameter value or affiliation=0 in the past few weeks. This is now our top API request with over 10k requests per day, mainly at the ever-popular cron job time of midnight UTC.
These requests generate application errors which cause high CPU usage and service impacts service for other users, so effectively immediately, we are blocking the following requests at the load balancer:
https://api.ror.org/organizations?affiliation=
https://api.ror.org/organizations?affiliation=
These requests previously returned a 500 error, but will now return a 403 error with message:
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>
As a reminder, since ROR is freely available without authentication, it's difficult for us to identify and contact individual organizations/users whose API requests are causing issues. Please check your own error logs to ensure that your applications are behaving nicely and not generating a high volume of invalid requests, particularly at peak times.
Cheers,
Liz
___
Liz Krznarich, DataCite | ROR Technical Lead
l...@ror.org | ror.org | @ResearchOrgs | ROR docs
Reply all
Reply to author
Forward
0 new messages