Rank: Newbie
Groups: Developers
Joined: 4/17/2020(UTC)
Posts: 2
Thanks: 3 times
Was thanked: 1 time(s) in 1 post(s)
|
Has anyone had any success with implementing database caching for AbleCommerce?
Today, my site is getting hammered by ClaudeBot / Anthropic with thousands of hits per hour. If caching was properly implemented, the site should be able to handle this easily but instead, my database overwhelms my CPU because there doesn't seem to be any caching. This has happened many times with AI bots but in this case, the ClaudeBot is mostly hitting the same Category page thousands of times for some reason. With caching, hitting the same page should be easy for the system to handle but we don't have that. I've got Cloudflare wrapping the site but cache-control is set to dynamic for all pages so CloudFlare doesn't cache them. We've also got Live Chat on the site which can make page caching complicated but database caching should work well but there doesn't seem to be any.
Anyone solved any of this?
Doesn't seem like AbleCommerce is really evolving for the times anymore.
|
|
|
|
|
|
Rank: Advanced Member
Groups: System, Administrators, Developers, Registered, HelpDesk
Joined: 10/29/2018(UTC)
Posts: 505
Thanks: 5 times
Was thanked: 36 time(s) in 35 post(s)
|
We are having the same issues with ClaudeBot, but Cloudflare seems to be working pretty well. We have security rules in place to prevent the massive spikes.
As far as I know, we use Nhibernate for caching. I will ask our dev to look into this.
As we learn more about how these AI bots interacting with AbleCommerce, we can make improvements. Our recent focus has been primarily adding new features, but we will certainly look into the pros and cons of database caching.
Setting up rules in Cloudflare should prevent thousands of hits to any page. If you would like to share the security rules that you have setup now, I'm happy to share our configurations as well. |
Thanks for your support!
Katie
Secure eCommerce Software and Hosting |
|
|
|
|
|
Rank: Advanced Member
Groups: Administrators, Developers, Registered, HelpDesk, Authorized User, System
Joined: 10/11/2018(UTC)
Posts: 110
Thanks: 19 times
Was thanked: 18 time(s) in 18 post(s)
|
Database caching alone would not solve this issue, because most of the load is not just raw database reads, but repeated execution of business logic and queries per request within the application pipeline.
The system already has NHibernate second-level caching enabled for Category entities, so we are not repeatedly hitting the Category table itself. However, the category page workload is primarily driven by product list queries, pricing rules, and view model construction, which are not covered by entity caching.
So when ClaudeBot repeatedly hits the same category page, each request still executes the full request pipeline, including those expensive queries and processing steps.
Regarding Cache-Control being set to “dynamic” for all pages — that is expected in the current configuration and it also prevents Cloudflare from caching responses at the edge. As a result, every request (including bots) is still forwarded to the origin server.
From the application side, there is no additional database-level caching gap here — the issue is mainly request-level execution combined with lack of edge caching for anonymous traffic. To mitigate this load, caching rules would need to be handled at the Cloudflare layer so that anonymous category pages can be served from cache, while bypassing cache for authenticated and checkout-related pages.
|
|
|
|
|
|
Rank: Newbie
Groups: Developers
Joined: 4/17/2020(UTC)
Posts: 2
Thanks: 3 times
Was thanked: 1 time(s) in 1 post(s)
|
We shouldn't be forced to rely on an external caching system the system to be able to handle significant traffic. I see a pretty consistent ratio between the CPU usage for the w3wp.exe process and the SQL Server process where the SQL Server is around 4 times higher on spikes. So, for instance if the w3wp process hits 10% of CPU usage, the SQL Server will hit 50%. So, SQL Server is definitely more of the bottleneck for my system. For the vast majority of sites, the product list queries and pricing are going to be the same regardless of whether the user is logged in or not. There needs to be intelligent caching involved so every page isn't built from scratch every time. If you all have CloudFlare rules that address this, I'd love to see them. I'm currently just using Rate Limiting for bots to 1 visit per 10 seconds and then for (http.user_agent contains "Claude-SearchBot") I'm either doing a Managed Challenge or Blocking (when my server gets overloaded). There strangest thing is Claude just keeps hammering the exact same page. I haven't been able to find anything about that page that should cause this: In the last 24 hours: Cloudflare detected 82.17k requests from Claude-SearchBot. This is a 87.2% increase compared to the previous period. www.crmagnetics.com/AC-Current-Transducers is the most crawled path with 81.53k successful requests. 82.06k crawls received an HTTP 403 response. 82.17k requests were from Claude-SearchBot. Edited by user Friday, June 12, 2026 2:34:46 PM(UTC)
| Reason: Adding additional info
|
|
|
|
|
|
Rank: Advanced Member
Groups: System, Administrators, Developers, Registered, HelpDesk
Joined: 10/29/2018(UTC)
Posts: 505
Thanks: 5 times
Was thanked: 36 time(s) in 35 post(s)
|
Quote:We shouldn't be forced to rely on an external caching system the system to be able to handle significant traffic. I do agree, but to be fair, are we dealing with a Denial of Service attack or something else? If Claude (or other AI bots) are hitting the same page over and over, then it isn't a valid crawl. I know it is so frustrating, but we are fighting against AI which tough. I'll try to get you the Cloudflare rules that I'm using. Are you on their free plan or the $20/mo. There are different configurations for each. Also, for the database server. What are the specs? I agree that there is room for improvement here, and I don't think your observation should be dismissed simply because Cloudflare can help mitigate the problem. The current NHibernate caching does reduce some database activity by caching entities such as categories, but as Nadeem explained, the majority of the work involved in rendering a category page comes from product retrieval, pricing calculations, filtering, sorting, and building the page model. Those operations are still executed for each request. That said, your point about repeated requests to the exact same category page is valid. When anonymous users or bots request the same content thousands of times, there are opportunities to reduce the amount of work performed by the application and database. The challenge is doing so without introducing stale pricing, inventory, personalization, or other side effects that many stores depend on. Cloudflare is currently the most practical mitigation because it prevents those requests from reaching the application server at all. However, that does not mean we should ignore opportunities for additional caching or optimization within AbleCommerce itself. That being said, I have reviewed the category page using a product finder control and noticed the query to display the number of products shown next to each category has a high SQL query execution time. There is a widget setting to turn this off. Maybe you can try that temporarily? This is one area where caching can be implemented safely and effectively. I will log an issue with the dev team so we can look into it for the next version. |
Thanks for your support!
Katie
Secure eCommerce Software and Hosting |
|
|
|
|
|
Rank: Newbie
Groups: Developers
Joined: 4/17/2020(UTC)
Posts: 2
Thanks: 3 times
Was thanked: 1 time(s) in 1 post(s)
|
We've implemented an eTag caching fix for Categories for users that aren't authenticated that seems to be working great. I've turned off all CloudFlare mitigations, Claude is still hammering the site but the CPU usage rarely exceeds 25%.
Here's the new code for ValidateCategoryAttribute.cs
namespace AbleCommerce.Code
{
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web;
using System.Web.Mvc;
using CommerceBuilder.Catalog;
using CommerceBuilder.Common;
using CommerceBuilder.DomainModel;
using CommerceBuilder.Users;
using CommerceBuilder.Utility;
public class ValidateCategoryAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
var context = filterContext.HttpContext;
if (filterContext.ParentActionViewContext == null && context != null)
{
int id = AlwaysConvert.ToInt(filterContext.RouteData.Values["Id"]);
if (!context.Request.IsAuthenticated)
{
string etag = GetCategoryETag(id);
if (etag != null)
{
context.Response.AppendHeader("ETag", etag);
context.Response.AppendHeader("Cache-Control", "no-cache, no-transform");
if (string.Equals(context.Request.Headers["If-None-Match"], etag, StringComparison.Ordinal))
{
filterContext.Result = new HttpStatusCodeResult(304, "Not Modified");
return;
}
}
}
var category = EntityLoader.Load<Category>(id);
if (category != null)
{
if ((category.Visibility == CatalogVisibility.Private) &&
(!AbleContext.Current.User.IsInRole(Role.CatalogAdminRoles)))
{
context.Response.Redirect(NavigationHelper.GetHomeUrl());
}
PageVisitHelper.RegisterPageVisit(category.Id, CatalogNodeType.Category, category.Name);
PageHelper.BindMetaTags(filterContext, category);
}
else NavigationHelper.Trigger404(HttpContext.Current.Response, "Invalid Category");
}
}
private static string GetCategoryETag(int categoryId)
{
if (categoryId == 0)
{
return null;
}
string connStr = ConfigurationManager.ConnectionStrings["AbleCommerce"]?.ConnectionString;
if (string.IsNullOrEmpty(connStr))
{
return null;
}
try
{
using (var conn = new SqlConnection(connStr))
{
using (var cmd = new SqlCommand(@"SELECT
BINARY_CHECKSUM(c.Name, c.Summary, c.Description, c.Title, c.MetaDescription, c.VisibilityId, c.IsFeatured, c.OuterTemplateId, c.InnerTemplateId),
(SELECT COUNT(*) FROM ac_CatalogNodes WHERE CategoryId = @id)
FROM ac_Categories c WHERE c.CategoryId = @id", conn))
{
{
cmd.Parameters.AddWithValue("@id", categoryId);
conn.Open();
using (var reader = cmd.ExecuteReader())
{
if (!reader.Read())
{
return null;
}
int checksum = reader.GetInt32(0);
int nodeCount = reader.GetInt32(1);
return string.Format("W/\"{0:X8}-{1}\"", checksum, nodeCount);
}
}
}
}
}
catch
{
return null;
}
}
}
}
|
 1 user thanked david9688526 for this useful post.
|
|
|
|
Rank: Advanced Member
Groups: System, Administrators, Developers, Registered, HelpDesk
Joined: 10/29/2018(UTC)
Posts: 505
Thanks: 5 times
Was thanked: 36 time(s) in 35 post(s)
|
Thank you, David!
I'm so glad this update has solved the issue for the Claude bot, and I truly appreciate that you shared the code.
|
Thanks for your support!
Katie
Secure eCommerce Software and Hosting |
|
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.
Important Information:
The AbleCommerce Forums uses cookies. By continuing to browse this site, you are agreeing to our use of cookies.
More Details
Close
