It seems that I am suffering some kind of attack that saturates my server with 16Gb in a matter of 5 minutes by requests or “visits”. I have restricted all access to port 80 and 443 (Apache) to everyone except CF ranges, I have set it to be accessible only from Spain and the load is on the ground. Some requests from outside are the ones that cause such a high load, something outside the server management itself. It is something that is executed from outside, the peak of requests from 1 hour ago has just been reflected. The problem is that our website is international and must be visible and operational at least in all European and American countries. In threats by country I get about 300 in 24h from the US.
Hi there,
Sorry for the issues you are facing.
Just to clarify you mentioned “, I have set it to be accessible only from Spain and the load is on the ground”
You mean you restricted access using Cloudflare custom rules on to only allow access from Spain and the server load drops and returns to normal levels?
If that is the case then that does sound like something that is passing through Cloudflare having an impact, although the numbers you reference (300 in 24 hours) is a relatively small number. I think you may be looking at the Security section under Analytics on our dashboard for that number, this does not have all the required information for all our security products.
A better place to look is under ‘Security > Firewall Events’ - if you have a block rule to block everything except Spain, this will show you information about all requests getting blocked by the rule you have in place - and hopefully point to some pattern/anomalies that helps you create a more specific custom rule to target that traffic.
You may also want to consider enabling ‘Super Bot Fight mode’ under the Security > Bots section of our dashboard to challenge/block ‘definitely automated’ requests because if this occurs automatically when you disable this custom rule, it sounds like it could be some sort of automated thing.
If you are not seeing many requests being blocked in firewall events, then this would be very strange and need more investigation to understand what could be happening here, which may involve looking at your origin web server and understanding what processes are causing the high usage and what is being seen in your server logs.
Hope this helps!
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.