Preview Deployed app returns HTTP 429

Hello there, our team has been using Netlify since June of the last year and this is the first time that we faced a problem like this. Suddenly our preview deploys (created by open pull requests) and our specific branch deploys are returning an HTTP 429.

There is no problem with the build, it ends successfully, neither the rates. A strange thing to mention is if we change our connection source, from one internet provider to another, it works for a few minutes but then after a refresh returns 429 again.

Our guess is that it’s related to one CDN edge location (we are in Argentina) because it works if we try through a VPN service.

this is a branch deploy URL: https://development--playbots.netlify.app/

Thanks!

We just started running into this issue as well and haven’t been able to resolve it.

Any update here?

Nop, had our branch deploys working a few hours then went back to the HTTP 429 responses again…

HTTP 429 responses generally mean rate-limited.

Since you provided a hostname, @mrcportillo , I could look for rate limits on your domain and what I see is that your site has basic authentication on it, and we will absolutely block requests from your IP for awhile, if you fail to authenticate requests from the same one enough times in a row (which could happen a bunch of times, in case you reload a page with bad auth or even have a single page with a dozen links with bad auth - most likely in Safari which has some difficulty in passing your Basic-Auth credentials automatically through on XMLHttpRequest calls, for instance). I’d guess that is what happened to you.

@mattalbrecht I assume you probably don’t use basic auth protection on your site, so if you want to tell me the URL and confirm when you saw it, I can try to understand what happened there.

Thanks for your answer @fool, after disabling the auth headers of the environment it started to work again. It’s a bit weird because the team is located in different parts of the country, maybe somehow is blocking the ISP ip? Thanks again!

Yes, we do use basic auth. Has something changed recently on Netlify side that might now lead to the 429s as we have always had basic auth set up?

I’ll send the URL in the open ticket I created this morning #53935.

They will only happen if you fail the authentication repeatedly. One presumes you don’t usually do that enough to hit the rate limits :slight_smile:

The credentials haven’t changed at all so I’m certainly not sending incorrect auth, but something must be. I’ve sent the URL in the associated support ticket, this is an ongoing issue, I’ve been receiving the 429s since Monday.

I wasn’t suggesting that the credentials changed; I was suggesting that you review your console logs to find the 401’s that you are indubitably causing which lead to getting rate limited, and fix them, to prevent getting blocked :wink:

I can look in our logs and try to dig them out for you if that would be more like what you’re hoping for? I could get referrer and URL and User-Agent, and hopefully you can reconstruct from that what might be happening…

Gotcha!

Thanks for the responses

I’m seeing a single 401 before it prompts me for creds, then I’ll enter the creds and get 429s after that and every time I refresh. I’m thinking it might be an extension causing the issues, just tested it this morning if I’m not currently rate limited than everything works in incognito mode. I updated chrome on monday which seems to have been the catalyst for all this.

Last pass seems like a likely culprit.

1 Like

thank you for sharing - last pass is a VERY common extension so this is really good to know!