Support Forums

Accessing the test environment through basic authentication will return "429 Too Many Requests"

Hi, our team has been using Netlify since April of last year,
We are facing the following problems.

Suddenly, when you enter Basic authentication on all pages under the TOP page of the test branch,
“429 Too Many Requests” is returned.

You can access the TOP page without any problem even if you enter Basic authentication.
If you log in automatically with the ID / PW saved in your browser, you can access the pages under the TOP page without any problems.

The same is true even if the extension is not installed in chrome, safari, etc.

There is no problem with the build and it finishes normally.

◎ I found the part that seems to be the cause, but I can’t solve it.
When “429 Too Many Requests” occurs
authorization for http request: Basic anNjb206anNjb21qc2NvbQ ==
Is not included

I’ve tried disabling preload, but it doesn’t work.

This is the branch deploy URL: https://test--thirsty-wright-d98446.netlify.app/
Production site: https://jscom.jp/


Hi @kurata,

Yes, Basic Auth is rate limited and if your browser is unable to sign you in automatically, it counts as a failed attempt. Thus, when requesting page assets, it makes too many invalid calls and 429 is thrown. There are 2 ways around this:

  1. Use JWT instead of Basic Auth - no rate limiting there.
  2. Move your webpage’s assets to a different folder and don’t apply basic auth to that path. So your webpages would remain protected, but your assets would not be and since they don’t have basic auth, the browser can freely request them without any rate limiting.
1 Like

Hi @hrishikesh

Thank you for your prompt reply.
Thank you for suggesting the cause and solution.

This will move us forward.
If you have any problems, please let me know again.

Thank you very much.

1 Like

Hello @hrishikesh

Let me ask you an additional question immediately.

  1. Why doesn’t an error occur even if the browser does not automatically sign in to only the TOP page of the test site?

  2. Are there any disadvantages to using JWT?

  3. We have been using a similar environment for about a year, but this phenomenon was first confirmed after August 27th.
    What are the possible causes?

Please answer.

I don’t understand. You did get error 429, correct?

None that come to mind but there might be depending on your use case and project complexity. Also, it’s not as easy as using Basic Auth as you’d have to use Identity and manage members. But you could get away with the 429 error.

I don’t have a good answer for that. Rate limiting has always existed on Netlify. But if you’re seeing it only recently, maybe somewhere something changed. Basically, you can’t request too many files that are protected by basic auth within too less time. If you request them, they should be authenticated and if not, you’d get 429.