Error! Transaction Request limit reached for this IP Address Stripe

Thank you for reaching out to us. This is the first time I hear about this issue. Have you contacted Stripe support regarding this error message? I did some search in Stripe and this is what I found.

https://stripe.com/docs/rate-limits

Let me know if this helps you.

Kind regards.

Stripe says it’s not them. I had a friend who was hitting the issue on his home WIFI and while he was hitting the issue it worked for me over the phone (different ip). When he reset his IP, it worked.

According to the readme/version history, this was a feature added to the plugin to prevent bots from using it for testing credit card numbers.

Stripe says it’s not them.

Thank you for letting me know.

I had a friend who was hitting the issue on his home WIFI and while he was hitting the issue it worked for me over the phone (different ip). When he reset his IP, it worked.

This is very interesting to know. Is your friend in the same country as yourself? Is this issue occurring with many purchases at the same time or only to some purchases randomly?

Kind regards.

• This reply was modified 9 months, 3 weeks ago by mbrsolution.

Same country, different countries, doesn’t matter.

I’ve had friends submit via their home internet just fine, but fail over their phone’s internet (not on wifi). At first I thought it may be some bans to public wifi addresses (e.g. starbucks) but it’s clearly happening to all sorts of users.

This error message is triggered within the plugin, I tried to inspect the code but couldn’t figure out why. Is it data coming from Stripe’s API that causes it??

Unfortunately I cannot reproduce this issue myself. I have submitted a message to the developers to investigate further your issue.

Kind regards.

The plugin includes a security feature that tracks the number of transaction requests originating from a single IP address within a 24-hour period. This mechanism is designed to thwart card testing attacks.

Given that each customer will typically connect from a unique IP address, this security measure should not interfere with normal sales activity, even during periods of high volume, as these transactions are expected to originate from various IP addresses.

However, if you’re encountering errors related to this feature, it may indicate an issue where the plugin is unable to accurately identify each customer’s unique IP address. When such an error occurs, the implicated IP address will be recorded in the error message. To further investigate, you can enable the debug logging option, which will log the IP addresses associated with transaction requests. This information can help us determine whether the requests are indeed coming from the same IP address and assist in identifying the root cause of the issue.

You can disable that security check by unchecking the following checkbox in the advanced settings menu of the plugin:

Disable Transaction Limit per IP Address Check

Additionally, the plugin offers a filter hook that allows you to increase this limit according to your site’s needs. Below, you will find a simple addon designed to raise the limit to 50. You can download and test this addon on your site to see if it meets your requirements:

https://github.com/Arsenal21/stripe-payments-enhancements/blob/master/asp-override-request-ip-limit/asp-override-request-ip-limit.php

Was the Disable Transaction Limit per IP Address Check feature added recently? When this started a few months ago, I could swear it wasn’t in the Advanced Settings tab.

So with trying to figure out this issue, How is the Request usage count actually counted?

So in the debug log, I see:

[03/28/2024 10:33:02 PM] – handle_create_pi() – Product ID: 20848, Captcha Type: recaptcha, Txn Counter: 19, IP: 174.164.999.999
[03/28/2024 10:33:02 PM] – Page load signature check done!
[03/28/2024 10:33:02 PM] – FAILURE: Request usage count limit reached for this IP address. IP: 174.164.999.999, Request Count: 26

This IP Address (changed) is my friend’s Comcast account from their home in Seattle. If I look at my apache logs for their IP address, they’ve only had 13 total hits regarding the plug-in (to download css, js, etc) and within 72 hours leading up to hitting this issue, they only logged into the website, clicked the payment button and tried to pay. So even counting the total web pages they hit in those 72 hours, it doesn’t even add up add up.

Is this value tracked locally, or something Stripe provides?

Thanks for all the help!

So I went through the payment process myself find it interesting that my request count is already at 5

[03/29/2024 01:39:47 PM] – handle_create_pi() – Product ID: 20848, Captcha Type: recaptcha, Txn Counter: 6, IP: 174.105.999.99
[03/29/2024 01:39:47 PM] – Page load signature check done!
[03/29/2024 01:39:47 PM] – Request usage count is valid for this IP addresss. IP: 174.105.999.99, Request Count: 5
[03/29/2024 01:39:47 PM] – This is a donation type product. API pre-submission amount validation is not required.
[03/29/2024 01:39:47 PM] – Additional captcha response check done.
[03/29/2024 01:39:48 PM] – handle_confirm_pi() – Product ID: 20848, Captcha Type: recaptcha, Txn Counter: 6, IP: 174.105.999.99
[03/29/2024 01:39:48 PM] – Page load signature check done!
[03/29/2024 01:39:48 PM] – Request usage count is valid for this IP addresss. IP: 174.105.999.99, Request Count: 6

I’ve not gone through the payment process since January 30th. I’ve not used Stripe in any capacity since then. It seems like the counter is not being reset?

Sorry, I’ve been deep diving into this issue more ??

It looks like the counter is stored in a transient called “asp_request_usage_count”, with each IP address being tracked.

However, it looks like this transient object is set to expire every 12 hours.

If I get a new Stripe transaction applied once every 12 hour window, it seems to me this transient would never expire? So the 12 hour window isn’t per IP address, it’s for the entire system?

There is an array which contains the different IP addresses. So unless many requests are originating from the same IP address, it won’t be an issue. While there might be minor discrepancies in the counter on some sites, these are not a concern. The primary function of this mechanism is to identify multiple requests from a single IP address, and it performs this task effectively. In fact, over 98% of users utilizing this plugin never encounter this limit. If you do reach the limit, there is an option to increase it for your site.

We are trying to maintain a balance across various factors. Currently, I do not perceive the limit/check as a significant problem.

You may need to switch to using an alternative plugin for your site.

I am not criticizing the development of the plugin, in fact, I quite like it and it has served us well. I am just trying to debug the problem we are facing and hopefully lead to a possible solution.

I think one thing unique to my situation and maybe why others have not see this issue is that we have many repeat buyers, from around the world — so this counter never gets reset.

I cleared out the transients right after the last message and I’ve not seen an error since. I’ll just add a small piece of code that clears these once a week it should be good to go.