From 2d3b1f2cb0c05385c1702f1a7d74fa08d52c262f Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Mon, 6 Jan 2025 13:21:47 +0100 Subject: fix: Ensure rate-limits are on for get-entries Backoff on 4XX and 5XX. See related issue: https://github.com/google/certificate-transparency-go/issues/898 Test manually hints: ``` $ cat srv.py from http.server import HTTPServer, BaseHTTPRequestHandler class RequestHandler(BaseHTTPRequestHandler): def do_GET(self): self.send_response(429) self.send_header("Content-Type", "text/plain") self.end_headers() self.wfile.write(b"429 something something...") def do_POST(self): self.do_GET() def do_PUT(self): self.do_GET() def do_DELETE(self): self.do_GET() if __name__ == "__main__": server_address = ('localhost', 9090) httpd = HTTPServer(server_address, RequestHandler) print("Server running on http://localhost:9090") httpd.serve_forever() ``` And a transport for http.Client that redirects to localhost: ``` type statusRR struct { inner http.RoundTripper } func (s *statusRR) RoundTrip(req *http.Request) (*http.Response, error) { if strings.Contains(req.URL.Path, "ct/v1/get-entries") { req.URL.Scheme = "http" req.URL.Host = "localhost:9090" } rsp, err := s.inner.RoundTrip(req) return rsp, err } ``` --- internal/monitor/monitor.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'internal/monitor/monitor.go') diff --git a/internal/monitor/monitor.go b/internal/monitor/monitor.go index 1f068b2..2575977 100644 --- a/internal/monitor/monitor.go +++ b/internal/monitor/monitor.go @@ -173,7 +173,8 @@ func (mon *Monitor) newTailRFC6962(log MonitoredLog) (tail, error) { return tail{}, err } - return tail{cfg: mon.cfg, scanner: cli, checker: cli, matcher: mon.matcher}, nil + bc := &backoffClient{cli: cli} + return tail{cfg: mon.cfg, scanner: bc, checker: bc, matcher: mon.matcher}, nil } func (mon *Monitor) newTailTile(cfg MonitoredLog) (tail, error) { -- cgit v1.2.3