API count exceeded - Increase Quota with Membership
-
In Suricata on the Alert tab, when I click on the globe icon to:
Check host GeoIP data
I get the following message:
API count exceeded - Increase Quota with Membership
Why am I getting this message, and to what membership is the reference?
-
That particular bit of code was contributed by a member of the Netgate developer team, and not me, so I'm not sure at the moment (off the top of my head) exactly how it is doing the GeoIP lookup. But it sounds like perhaps it is using some public "free" service that has a limit on lookups over some time interval. Perhaps some number of look ups per hour or day are "free", and then if the same inbound IP keeps asking beyond the quota limit you get the returned message. Just a guess on my part based on the returned text.
Edit: okay, went back and looked over the package code and found the URL it is submitting the IP to for GeoLocation. The URL is https://api.hackertarget.com/geoip/. So I'm guessing that site has a quota for "free" lookups, and to get more you must register and perhaps pay (or maybe just register ??).
-
@bmeeks Based on the information you provided, I did find a pricing/membership web site (should any one else need it) at:
https://hackertarget.com/scan-membership/
Thanks for taking the time to check the code for the api url...very much appreciate the effort!
-
@kim-premuda said in API count exceeded - Increase Quota with Membership:
@bmeeks Based on the information you provided, I did find a pricing/membership web site (should any one else need it) at:
https://hackertarget.com/scan-membership/
Thanks for taking the time to check the code for the api url...very much appreciate the effort!
It is also likely, that with a paying membership, they give you some type of license key that would be submitted with each lookup request. Or perhaps an entirely different URL is used in that case. That's the way some other sites work. If that is the case, then the GUI code within the Suricata package would most likely need to be adapted for that circumstance (having to submit a license key in the URL or using a different URL entirely).
I will refer the Netgate developer who added the feature to this thread via PM. He might want to adapt the code a bit.
-
The Netgate developer and I are looking into a better solution than using the quota-limited free site for the GeoIP lookup option on the ALERTS tab. Here is the Redmine Bug Report tracking this issue: https://redmine.pfsense.org/issues/12909.
-
@bmeeks Thank you very much!
-
@bmeeks Just to confirm your idea, it does appear that the third-party block was automatically removed after some time period (~24 hours) as I am again able to check the geoIP status in Suricata without getting the quota/membership message.