Rate limited 10040 even when updating every 4 hours

I have one IP list in my Account > Configuration> Lists that currently has 0 IPs. Every time I try update it through the API, even when doing more than 4 hours apart, I get a rate limit error:
time="02-03-2024 00:43:47" level=error msg="you have been ratelimited please wait and try again (10040)" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 00:43:47" level=info msg="done processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 04:43:44" level=info msg="processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 04:43:52" level=error msg="you have been ratelimited please wait and try again (10040)" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 04:43:52" level=info msg="done processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 08:43:49" level=info msg="processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 08:43:57" level=error msg="you have been ratelimited please wait and try again (10040)" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 08:43:57" level=info msg="done processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 12:43:54" level=info msg="processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 12:44:02" level=error msg="you have been ratelimited please wait and try again (10040)" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 12:44:02" level=info msg="done processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 00:43:47" level=error msg="you have been ratelimited please wait and try again (10040)" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 00:43:47" level=info msg="done processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 04:43:44" level=info msg="processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 04:43:52" level=error msg="you have been ratelimited please wait and try again (10040)" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 04:43:52" level=info msg="done processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 08:43:49" level=info msg="processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 08:43:57" level=error msg="you have been ratelimited please wait and try again (10040)" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 08:43:57" level=info msg="done processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 12:43:54" level=info msg="processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 12:44:02" level=error msg="you have been ratelimited please wait and try again (10040)" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
time="02-03-2024 12:44:02" level=info msg="done processing decisions with scope=Ip" account_id=9b4ff31a62b9ce8041fa0b7f2f398a50
What's the limit here?
12 Replies
light
lightOP9mo ago
Anyone?
stio_studio
stio_studio9mo ago
Hi Could you explain where it is? I tried to find the url but countn't
light
lightOP9mo ago
That's an API error. I am not sure what URL you are referring to. I am using the API to update IP lists in Account > Configuration> Lists that currently has 0 IPs
stio_studio
stio_studio9mo ago
But I don't know what API you are referring to And are you using a programming language to access this api? I was talking about URL because I thought the API was an URL. Sorry for the confusion :)
light
lightOP9mo ago
Yes. It's Crowdsec. Specifically its the crowdsec cloudflare bouncer https://github.com/crowdsecurity/cs-cloudflare-bouncer All google search results with that error code are about users facing issues using it with that tool
GitHub
GitHub - crowdsecurity/cs-cloudflare-bouncer: A CrowdSec Bouncer th...
A CrowdSec Bouncer that syncs the decisions made by CrowdSec with CloudFlare's firewall. Manages multi user, multi account, multi zone setup. Supports IP, Country and AS scoped decisions. -...
Cyb3r-Jak3
Cyb3r-Jak39mo ago
What do you have your update frequency set as? According to https://github.com/crowdsecurity/cs-cloudflare-bouncer/issues/121 it seems like 3600 helps with the issue
GitHub
Cloudflare (continuously) rate limiting API calls · Issue #121 · cr...
Hi, It seems the Cloudflare API is over solicited by the bouncer. One of the multiple log lines: level=error msg="you have been ratelimited please wait and try again (10040)" That would b...
light
lightOP9mo ago
4 hours as mentioned in the initial message. 4 hour 4 seconds to be precise I believe.You can also see the gap in the log output timestamp. We can keep on doing hit and trial, but I am looking at finding the canonical source of truth here - what's the Cloudflare limit, and documentation around error 10400 Hmm that bug entry actually talks about using Cloudflare workers because the Cloudflare API to update IP list is broken, which is what my support ticket refers to. So I guess the question is do we just consider it broken, wouldn't be fixed and move on?
Cyb3r-Jak3
Cyb3r-Jak39mo ago
I would imagine if it wasn't going to be fixed there would be some announcement. I'd be interested as to what supports response is
light
lightOP9mo ago
Does support even check/respond here? Sorry for my ignorance
Cyb3r-Jak3
Cyb3r-Jak39mo ago
This is a community server so there is no official support here. I thought you mean you had a support ticket open
Chaika
Chaika9mo ago
There's this comment under the List API https://developers.cloudflare.com/waf/tools/lists/lists-api/
Rate limiting for Lists API requests Cloudflare may apply rate limiting to your API requests creating or deleting list items in custom lists and Bulk Redirect Lists. Each operation (create or delete) on a list item counts as a change. The existing rate limit is based on the number of list changes over time. You can request a maximum of 10,000 list changes in five minutes. Once the system has processed enough list changes so that they are under the threshold mentioned above, you can make additional API requests with more changes.
do you know how many list items its trying to add?
light
lightOP9mo ago
No. I didn't find an option for that. Maybe I can start a paid subscription to be able to do that Thanks for sharing! I initially tried 10k, and then after the rate limit, I was doing about 11. I believe the limit stays for 4 days before further updates can be made I got the pro plan and just submitted a support ticket
Want results from more Discord servers?
Add your server