Skip to content

FDSNWS: add maximum connections per IP#107

Open
filefolder wants to merge 5 commits intoSeisComP:mainfrom
filefolder:main
Open

FDSNWS: add maximum connections per IP#107
filefolder wants to merge 5 commits intoSeisComP:mainfrom
filefolder:main

Conversation

@filefolder
Copy link

@filefolder filefolder commented Feb 22, 2026

adds:

  1. a maximum concurrent connections per IP address setting to optionally limit or eliminate parallel fdsnws requests (returns 429 error)
  2. a whitelist IP setting for known addresses to bypass this

only started testing but seems to work OK. feel free to edit!

@cla-bot
Copy link

cla-bot bot commented Feb 22, 2026

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Robert Pickle, filefolder.
This is most likely caused by a git client misconfiguration; please make sure to:

  1. check if your git client is configured with an email to sign commits git config --list | grep email
  2. If not, set it up using git config --global user.email email@example.com
  3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

@gempa-stephan
Copy link
Contributor

gempa-stephan commented Feb 23, 2026
edited
Loading

Thanks for your contribution.

However, I'm not in favor of implementing those technical limits in the FDSNWS implementation itself because:

  • Each extra code line needs to be maintained
  • A typical public facing setup will most likely involve a reverse proxy anyhow to
    • manage SSL certificates
    • provide the service on a default port 80/443
  • An NGINX setup is easy accomplished providing IP and rate limit features out of the box

See documentation on rate limit and access limits

Example 1: Limit fdsnws dataselect requests to 1 request per IP per second while the first 10 requests would be answered as fast as possible.

limit_req_zone $binary_remote_addr zone=fdsnws_dataselect:10m rate=1r/s;
server {
    location /fdsnws/dataselect/1/query {
        limit_req zone=fdsnws_dataselect burst=10 nodelay;
        proxy_pass http://127.0.0.1:8080;
    }
}

Example 2: Limit of 3 connections per IP combined with a rate limit of 100KiB/s after 50MiB have been downloaded.

limit_req_zone $binary_remote_addr zone=fdsnws_dataselect:10m;
server {
    location /fdsnws/dataselect/1/query {
        limit_conn fdsnws_dataselect 3;
        limit_rate_after 50m;
        limit_rate 100k;
        proxy_pass http://127.0.0.1:8080;
    }
}

@filefolder
Copy link
Author

filefolder commented Feb 23, 2026

Cheers Stephan, that's revelatory for me and seems a lot more flexible indeed. I will see if our IT staff can implement this.

I'll let you close as you see fit; would be curious to know what anyone else has implemented.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@filefolder @gempa-stephan