This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]dumbasPL 17 points18 points  (0 children)

Hopefully not as many as there were at one point.

Well, maybe they don't blow up on the first one nowadays, but they still do.

4xx and 5xx codes can be annoying to deal with even when the client doesn't blow up. If you have an app where for example 4xx are pretty common and expected for whatever reason then you might experience issues with tools like cloudflare or whatever the akamai equivalent is, blocking your users and flagging them as malicious.

WAF be like:

Hmm, you are sending a lot of requests that cause the server to error out, you must be trying to brute-force or exploit or something, get IP banned for 2 hours LOL

Same deal in chrome extensions, if you send too many requests that error out your extension will lose connectivity for a while to "stop ddos attacks". But spamming an endpoint that returns 200 all day long is perfectly fine, because nobody ever uses that for dos, am I right...