Hitting Vercel checkpoint after keeping my site open for a while.
Unanswered
Antillean Palm Swift posted this in #help-forum
Antillean Palm SwiftOP
Hi, I have bot protection enabled on my website hosted on Vercel. I have a tiptap editor that lets use write docs.
I kept this tab open for a while, moved away from this site. When I came back to the site and started editing.
It throws this:
1. 429 Too Many Requests
2. 403 Forbidden
Attached screenshots. Doing some research, I came across this discussion:
1. https://community.vercel.com/t/vercel-firewall-rules-to-deny-bot-attacks/1867
2. https://vercel.com/docs/deployment-protection/methods-to-bypass-deployment-protection
May be I didn't process the information correctly, but I did not see any straightforward mechanism demonstrating the WAF rules.
The API calls initially work but after sometime without any operation, bot protection triggers and then does not let API to work.
Any input is appreciated.
I kept this tab open for a while, moved away from this site. When I came back to the site and started editing.
It throws this:
1. 429 Too Many Requests
2. 403 Forbidden
Attached screenshots. Doing some research, I came across this discussion:
1. https://community.vercel.com/t/vercel-firewall-rules-to-deny-bot-attacks/1867
2. https://vercel.com/docs/deployment-protection/methods-to-bypass-deployment-protection
May be I didn't process the information correctly, but I did not see any straightforward mechanism demonstrating the WAF rules.
The API calls initially work but after sometime without any operation, bot protection triggers and then does not let API to work.
Any input is appreciated.
3 Replies
Spectacled Caiman
Hey Ramu,
I saw whats happening it looks like Vercels bot protection / firewall is rate‑limiting and then temporarily blocking your IP after a period of inactivity, which is why you see 429 and then 403 when you start typing again
what I suggest we do next is
In the Vercel project settings, we either turn off bot protection for this environment or loosen the rules for the API routes the editor uses (for example, whitelisting /api/editor or similar routes so they’re not treated as bots).
Adjust the editor’s autosave so it doesn’t fire too many requests in a short burst after you come back to the tab
As a quick workaround while we fix the config, you can try from another network (hotspot vs Wi‑Fi) to clear the temporary block on your current IP
If youre okay with it, can you check which firewall rule is being triggered, and then i can tell you what to set up so normal editing never gets flagged again
I saw whats happening it looks like Vercels bot protection / firewall is rate‑limiting and then temporarily blocking your IP after a period of inactivity, which is why you see 429 and then 403 when you start typing again
what I suggest we do next is
In the Vercel project settings, we either turn off bot protection for this environment or loosen the rules for the API routes the editor uses (for example, whitelisting /api/editor or similar routes so they’re not treated as bots).
Adjust the editor’s autosave so it doesn’t fire too many requests in a short burst after you come back to the tab
As a quick workaround while we fix the config, you can try from another network (hotspot vs Wi‑Fi) to clear the temporary block on your current IP
If youre okay with it, can you check which firewall rule is being triggered, and then i can tell you what to set up so normal editing never gets flagged again
Antillean Palm SwiftOP
Hey Shrey, thanks for your comment. That makes sense. Let me try what you said.
@Antillean Palm Swift Hey Shrey, thanks for your comment. That makes sense. Let me try what you said.
Spectacled Caiman
Yess! do let me know if you are stuck anywhere