Looking for testers Q-Feeds plugin

[Q-Feeds]

429 Rate Limit Exceeded.

Why?

Thanks,
Patrick

Aah you're using the same API token on both OPNsense as Adguard that conflicts. For multiple platforms you need multiple API tokens. Since you do have an active license with support I'll help you set it up in PM.

[Seimus]

Aah you're using the same API token on both OPNsense as Adguard that conflicts. For multiple platforms you need multiple API tokens. Since you do have an active license with support I'll help you set it up in PM.

I would like to as well load it into my Piholes (have a HA Pihole setup). Having preventive block on DNS combined with the one on FW is a welcome implementation.

Here I have a question about the licenses and API keys or better to say a sum-up. From the "Manage API Keys" I can see that I can setup up to 5 API keys.

Q1. Is the limit of API keys so 5 the max per account or this is depending on the subscription?
Q2. In regards of what has discussed before in this topic, each API key is linked to a subscription, so 1 API key per 1 type of license?
Q3. Pihole or Adguard can block only based on Domains. Did you maybe consider a "tiny" or a "DNS blackhole" subscription where you would provide only Domains as none of them can block based on IPs anyway?
Q4. In regards of Q2 this means 1 API key is limited to one single device due to the rate limit introduced by the subscription?

-----

Another idea,
in TIP would it be possible to provide graphs for respective categories in the "Threat Intelligence Overview"? This could be maybe useful for following the trend of IoCs. Not sure if it would be for any use tho, other than potential Tshooting.

-----

In TIP the View API logs have a field called "Auth Method" but it doesn't show any Auth method. It shows if the API call was successful or not, basically it represents in words the status code. Maybe this field should be renamed?

Regards,
S.

[Q-Feeds]

Aah you're using the same API token on both OPNsense as Adguard that conflicts. For multiple platforms you need multiple API tokens. Since you do have an active license with support I'll help you set it up in PM.

I would like to as well load it into my Piholes (have a HA Pihole setup). Having preventive block on DNS combined with the one on FW is a welcome implementation.

...................

Hi Seimus,

Thanks again for you great questions and suggestions! You're a great help!

A1. Currently we've set the limit to 5 keys per account but we can change this as needed. We might set it to unlimited when we go for the general release.
A2. That's correct, pricing is also based on per firewall/device and per beneficial user.
A3. Hmm we didn't actually up until now. We'll take it in consideration. Thanks for this great idea!
A4. Correct, that's due to the rate limit and if there are issues it makes troubleshooting easier as wel.

The idea to browse our Threat Intelligence, show trends, track APT groups, news, etc are all ideas we're planning to further expand the functionality of the TIP. Also dark web monitoring and other Attack Surface functionality is under development. It takes a lot of investment to develop and run such functionality though so we're in desperate need of some funds in order to develop this :) :)

Regarding the Auth Method, that would be way prettier indeed. I've added it to the list. Thank You!!

[gtwop]

Upgraded to OPNsense 25.7.5, reboot is required.

After reboot total __qfeeds_malware_ip, malware_ips loaded = 0

[Q-Feeds]

Upgraded to OPNsense 25.7.5, reboot is required.

After reboot total __qfeeds_malware_ip, malware_ips loaded = 0

Hi Gtwop,

It could take a little while before those stats are reloaded. The alias is not emptied though, it's just the statistics. Can you let me know if the stats in the widget reappeared?

That said I think there's definitely room for improvement so thank you for your feedback! We've added it to our list. 

[Monviech (Cedrik)]

No, the alias content itself is 0. It happened to me as well after a reboot. The plugin says I'm rate limited.

I would expect that I can redownload the same set of data as many times as I want (with request boundaries set to prevent ddosing).

I thought 7 days meant the data does not change for 7 days, but I can redownload the same set of data more than once?

[Patrick M. Hausen]

I also experience frequent "rate limiting" blocks when I look at the logs. With the default settings.

P.S. Same same - 0 loaded after update and reboot.

P.P.S. If your rate limiting is implemented like "1 request every x minutes maximum" - that is not going to work, because there will be a new reqest every time I reboot my firewall and one cannot tell when the last one happened.

Better: have the plugin perform one request per hour and rate limit to e.g. 5 requests per hour.

BTW: why rate limit at all? All requesters are registered customers with an API token even for the free tier. Abuse is not probable - people are installing your software and letting it do its thing.

[gtwop]

Over 4 hours since upgrade, some feedback.

Firewall: Aliases: __qfeeds_malware_ip, loaded# 0

Firewall: Diagnostics: Aliases Showing 0 to 0 of 0 entries

Issued this command several times: "service configd restart" No change.

Services: QFeeds Connect:Settings: Re-Apply API Key

Error reconfiguring QFeeds connect
downloaded index to /var/db/qfeeds-tables/index.json
exit with HTTPError 429 (Rate limit exceeded. Please try again later.)

Under folder:
/var/db/qfeeds-tables/, I see four files: malware_domains.txt
                                          phishing_urls.txt
                                          malware_ip.txt
                                          index.json

Updated: Oct 5th
Next update: 2025-10-12T23:35:10Z

My understanding is, it will refuse connections until the next due update.

[Patrick M. Hausen]

You can use TIP > Manage API Keys > Edit to activate a 5 minute override during which no rate limiting applies.

I would prefer a permanent solution, too, but for the moment that will probably help you. Worked for me - at least the alias is now populated. The widget still shows 0/0. I did a full reboot of my firewall.

[gtwop]

I tried several times to get another API Key, all I get on the upper corner in red letters is: "Warning          X"

Click on the X nothing changes.

[Patrick M. Hausen]

Don't try to get another key - you can activate an override of 5 minutes for your existing one.

[gtwop]

Thanks Patrick M, I used your advise and it worked, the alias is now populated.

[danderson]

Also Thx to Patrick, the override and then re-apply in the service under qfeeds re-populated the alias with info.  As i was also getting the rate limiting error.
exit with HTTPError 429 (Rate limit exceeded. Please try again later.)

Don't try to get another key - you can activate an override of 5 minutes for your existing one.

[Q-Feeds]

Thanks Patrick for helping out! This issue is high on the priority list! Will keep everyone updated.

[newsense]

It's been a while and I didn't receive any PM on how to set up qfeeds. Is the beta testing over or having enough accounts already ?