• Resolved pbosakov

    (@pbosakov)


    Hello! I am writing to suggest an enhancement to the way Wordfence handles HTTP response codes for rate limiting and blocking actions. Currently, Wordfence uses HTTP 503 response codes to indicate both temporary blocks due to rate limiting and permanent blocks. However, this approach poses a challenge as monitoring tools, such as AWS CloudWatch, often flag HTTP 503 responses as application errors, leading to potential false alarms and misinterpretations of the system’s health.

    To improve clarity and better align with HTTP status code conventions, I propose the following changes:

    1. Use HTTP 429 Too Many Requests for Rate Limiting:
      • HTTP 429 is specifically designed to indicate that the user has sent too many requests in a given amount of time and should reduce the rate of requests. This status code would provide a clearer indication of rate limiting events.
    2. Use HTTP 403 Forbidden for Permanent Blocks:
      • HTTP 403 indicates that the server understands the request but refuses to authorize it. This status code is well-suited for permanent blocks, clearly conveying that access is denied.
Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @pbosakov, thanks for your detailed message.

    We do have a case open to migrate our HTTP 503 response codes to 429 for temporary blocks/rate limiting and 403 for permanent so have passed your additional thoughts to the team.

    Our changelog is the best place to keep an eye on changes in new plugin versions as we’re unable to update customers on development progress here on the forums, but everything put forward is seen and considered.

    Thanks,
    Peter.
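
Added example (not part of the forum posts, and not Wordfence or CloudWatch code): a small model of the monitoring problem raised in this thread, showing how a 5xx-rate alarm behaves under the 503-for-everything behaviour versus the proposed 429/403 mapping. The outcome labels, the sample traffic and the 10% threshold are assumptions made up for the illustration.

```python
from collections import defaultdict

# Status code returned for each outcome under the behaviour described in the
# thread (CURRENT) and under the proposed mapping (PROPOSED). The outcome
# names are labels invented for this example.
CURRENT = {"served": 200, "rate_limited": 503, "blocked": 503, "app_error": 503}
PROPOSED = {"served": 200, "rate_limited": 429, "blocked": 403, "app_error": 503}

# Constructed traffic as (minute, outcome). Minute 1 is a burst that gets
# rate limited or blocked; minute 2 contains a genuine application failure.
EVENTS = (
    [(0, "served")] * 20
    + [(1, "served")] * 10 + [(1, "rate_limited")] * 8 + [(1, "blocked")] * 2
    + [(2, "served")] * 15 + [(2, "app_error")] * 5
)


def five_xx_rate_per_minute(events, scheme):
    """Return {minute: fraction of responses whose status is 5xx}."""
    total = defaultdict(int)
    errors = defaultdict(int)
    for minute, outcome in events:
        total[minute] += 1
        if 500 <= scheme[outcome] <= 599:
            errors[minute] += 1
    return {m: errors[m] / total[m] for m in sorted(total)}


def alarming_minutes(events, scheme, threshold=0.10):
    """Minutes in which a 5xx-rate alarm with this threshold would fire."""
    rates = five_xx_rate_per_minute(events, scheme)
    return [m for m, rate in rates.items() if rate > threshold]


if __name__ == "__main__":
    # With 503 for blocks, the blocked burst looks like an outage.
    print("current :", alarming_minutes(EVENTS, CURRENT))
    # With 429/403, only the real application failure trips the alarm.
    print("proposed:", alarming_minutes(EVENTS, PROPOSED))
```
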
