
I performed this test:

On my Raspberry Pi I host a website.

Then when I load the website I open the DevTools and enter this code:

setInterval(function () {
    // No url option is set, so jQuery requests the current page.
    $.ajax({
        success: function (result) {
            console.log(result);
        }
    });
}, 1);

This makes a request to the same page every 1 ms.

10 seconds later, I get this error: "net::ERR_INSUFFICIENT_RESOURCES"

In this case the Raspberry Pi is limited, I know, but the same type of massive request on a web host should make the server slow down.

My question is, on a production environment, what is the best practice to avoid this massive request injection?

Should PHP (in my case) handle these requests? Apache? A firewall?

Thanks for your time guys.

user9618005

1 Answer


net::ERR_INSUFFICIENT_RESOURCES is a Google Chrome error; it's simply the browser saying that it can't handle more data, probably because you have too many parallel AJAX calls.

In this case your Raspberry Pi is not the culprit and works just fine; it's just your client-side code that needs a bit of optimisation. For example, you could wait for the previous AJAX call to succeed before sending another one.

I guess your question was more about "how to handle DoS attacks". If you want to protect yourself from DoS attacks, one of the best methods (in my opinion) would be Fail2Ban (or any equivalent). It allows you to use your Apache access log (or any other log) to detect malicious requests. You can set it up to detect when a client sends too many requests and then ban its IP.

There are a lot of online tutorials and I won't detail how to use it here.

This is a great approach when you only have one malicious client. In the case of DDoS (Distributed DoS), you might have to handle thousands of different IPs coming from everywhere; in this case Fail2Ban is like a band-aid on an open wound. DDoS is really hard to counter and you probably want an external service handling that for you (Cloudflare, for example).

I hope I answered your question, have a great day.

SeekDaSky
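
The log-based detection described in the answer above, as an added example that is not part of the original post and is not Fail2Ban's own code: a sliding-window count of requests per client IP over Apache access-log lines. The thresholds, the function names and the sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Start of an Apache common/combined log line: client IP ... [timestamp] "
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def find_offenders(lines, max_requests=20, find_time=timedelta(seconds=10)):
    """Map each flagged IP to the time of the request that crossed the limit.

    An IP is flagged when it makes more than max_requests requests inside
    any find_time window. Both thresholds are assumed values.
    """
    recent = defaultdict(deque)  # ip -> request times still inside the window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log entry
        try:
            ts = datetime.strptime(m["ts"], TS_FORMAT)
        except ValueError:
            continue  # unparsable timestamp
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:  # drop requests older than the window
            window.popleft()
        if len(window) > max_requests:
            offenders.setdefault(m["ip"], ts)
    return offenders

def sample_log():
    """Constructed sample: one client flooding, one browsing normally."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = [("203.0.113.5", base + timedelta(seconds=i // 10)) for i in range(50)]
    events += [("198.51.100.7", base + timedelta(seconds=5 * i)) for i in range(6)]
    events.sort(key=lambda e: e[1])  # access logs are written in time order
    lines = [f'{ip} - - [{ts.strftime(TS_FORMAT)}] "GET / HTTP/1.1" 200 512'
             for ip, ts in events]
    return lines + ["truncated line without the expected fields"]

if __name__ == "__main__":
    for ip, when in find_offenders(sample_log()).items():
        print(f"would ban {ip} (limit crossed at {when.isoformat()})")
```

Because the count is kept per source IP, traffic spread across thousands of addresses stays under the limit for each one, which is the DDoS limitation the answer points out.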