Drag wrote: ↑
Mon Oct 05, 2020 6:41 pm
It's explained more in depth in the linked thread, but RCWN completely subverts the browser's cache by re-requesting all content, on the off chance that re-receiving it from the server is faster than retrieving it from the cache. Nesdev is likely seeing this as a DOS attempt (multiple repeated requests in a short time span), and temporarily blocking your IP.
Be aware that it's not just any
connection attempt that causes this problem, it's many aborted half-open
connections in a short time frame that cause Nesdev's firewall to block you.
- In a little more detail, the issue tepples found was:
If you are using Firefox over a very fast network connection, Firefox might be comparing the speed of retreiving items from its disk cache to the speed of retreving items from the network. Firefox calls this test "race cache with network" or RCWN, because it's starting a cache retrieval and a fresh network request at the same time and seeing which one completes first. If the cache completes first, the network request is aborted. In fact, this RCWN test can cause an aborted "half-open" network connection.
Nesdev's firewall considers many aborted half-open network connections in a short time frame as malicious and blocks all connection attempts from your address for a while. Specifically, tepples's bug report says if your address creates more than 30 aborted half-open connections in a 10-second period, Nesdev's firewall blocks you for 30 minutes.
tepples filed a Firefox bug report suggesting Firefox avoid or limit aborted half-open connections during RCWN tests. Until that bug is fixed, you can disable RCWN completely by going to about:config and setting network.http.rcwn.enabled to false.
Ben Boldt wrote: ↑
Sun Oct 04, 2020 10:17 am
The first page I go to loads fine, shows new forum posts I haven't seen before so it isn't just cached. Then the next link I click, it seems the website has crashed ("Connection timed out") and remains crashed for quite a while
Be aware that when you visit a single page, your browser may send many requests to the server. You can clear your cache, then look in your browser's F12 Developer tools Network page to see the requests it sends. You will see that visiting a single page can cause many requests for scripts, stylesheets, images for icons and avatars, and so on. On repeat visits to a site, even if the main textual content of a page is new and not in the cache, it's likely that many of the other items will be cached. If Firefox thinks your network is fast enough to do the RCWN tests, these cached items could be tested against fresh requests, and if the cache completes first, Firefox may be causing the aborted half-open connections that cause you to get blocked.
Ben Boldt wrote: ↑
Sun Oct 11, 2020 11:01 am
In case I am triggering a DOS detection like you say, I will try to wait a moment before clicking the first thread I see.
There's a chance you might be able to avoid the problem if you wait 10 seconds between each link you click, but if a page happens to need more than 30 cached items (scripts, stylesheets, images, and so on), then Firefox might still cause more than 30 aborted half-open connections and get you blocked.
If you want to confirm you're having the same issue...
- A possibly more relevant test could be to clear your cache (but keep your cookies) before every link you click. That way Firefox would have nothing cached and never do the RCWN test. (Be sure to keep your cookies so you will stay logged in.)
Instead of clearing the cache manually, I think you can open the F12 Developer tools, go to the Network page, check the box to disable the cache, then be sure to open links in the same tab. (I don't have Firefox, but in Chrome, the Network monitor didn't seem to show me information for requests I opened in a new tab.)
Also, in the Network monitor, if you keep the "Disable cache" box unchecked, I see that tepples described a "(raced)" notation is shown on items when an RCWN test was conducted. (Perhaps the "(raced)" notation only appears when the cache wins the race (?), but that is the situation that is causing the problem.)
If all that testing seems like too much work, then it would probably be easier to just go to about:config
and set network.http.rcwn.enabled