Hello Cloudflare Community!:

Recently, a test was made in my webapp to have 300 concurrent requests on one page (the homepage), the tests was unsuccessful since the my server had a PHP bottleneck in which I lifted the parameters in order for the nodes to work fully.

I’m now trying to reproduce the test (not sure what tool was used) by using the tool slowhttptest, it gives me better results while pointing at my server directly, but the same results when proxying through Cloudflare, but it isn’t being blocked by the firewall, so I guess it just ‘drop connections’ since they are too slow?.

How would you approach this?, and what tool would you use in order to make 300 browser requests at one time and checking the response time?

Greetings,

Thank you for asking.

Try with:

memory_limit = 256M
max_execution_time = 300
max_input_time = 1000
max_input_vars = 5000 or 7000
post_max_size = 64M
upload_max_filesize = 32M

Also, I would suggest you to give it a try with PHP-OPCache too

Even if that’s a question, maybe more related to the StackExchange / ServerFault.

That’s related to your Web server → can it handle them? Are you using Nginx? Try tuning it a bit too.

Despite of not knowing what kind of type of server you have, hard to tell something more.

Depending on the website type, if possible I would cache it as a static HTML webpage using Cloudflare Page Rules and the Cache Level: Cache Everything option and set the Browser Cache TTL and Edge Cache TTL too.

You can try Argo Smart Routing as this could help you with dynamic content.

I’m using nginx, and while I think my bottleneck is now solved, I need to test this as they did, and I’m not sure which tool they used, and which one I should use

Thanks for the recommendations too @fritex, I will definetely check these.

I would google for “nginx performance tuning”:

I would start by looking into the below parameters and configure them as needed:

worker_processes
worker_rlimit_nofile
worker_connections
multi_accept
epoll
sendfile
tcp_nopush
tcp_nodelay
keepalive_timeout
types_hash_max_size
server_names_hash_bucket_size
server_names_hash_max_size
variables_hash_max_size
variables_hash_bucket_size

Thanks, the thing is that, with that I can solve the bottleneck in my server but, I need to be sure that Cloudflare doesn’t end connections, which tool should I use to check this?, I was using slowhttptest but, I’m not sure that it is the test that I want.

It shouldn’t.

But, 100s is default, then it throws 522 timeout.
You increase this value, but this requires Enterprise level.

If a script needs more than 100s to execute on your origin host/server, then you have to troubleshoot this.

When going to my webapp through Cloudflare, and the test is successful when going directly to my server

Thank you for sharing a screenshot and feedback information.

Hm, any firewall running?

May I ask is Cloudflare allowed to connect to your origin host/server? Kindly, I’d suggest you to check below article and allow the IPs as follows:

• https://support.cloudflare.com/hc/en-us/articles/201897700-Allowing-Cloudflare-IP-addresses

Cloudflare IPs can be found at the link from below:

• https://www.cloudflare.com/ips/

Nevertheless, make sure you implemented the below to your Nginx:

• https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

May I ask which port does the web app use?
Is the port supported and compatible with Cloudflare proxy ?
Kindly, check this here:

• https://developers.cloudflare.com/fundamentals/get-started/network-ports

Or are you using WebSockets maybe?

EDIT:
Before moving to Cloudflare, was your Website working over HTTPS connection?
May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

I’m using Cloudflare WAF, however, I don’t see it blocking these requests… I can make a more aggressive DoS and it shows its blockage correctly, but not for the test I just showed. Cloudflare is indeed allowed to connect to my origin server.

I’m not sure how I would use the Restoring-original-visitor-IPs docs you gave me…

The port is the default 443, haven’t got any issues with it… My webapp was over HTTPS and I have it in ‘full’

When you are using you would see Cloudflare IPs in your access log files.
To get the true visitor IP instead of Cloudflare ones, from the link I’ve provided, add below code to your nginx.conf file at the beginning in the http { ... } part and restart Nginx service to apply the changes:

add_to_nginx_conf372×611 4.83 KB

Thanks, I will try that, at first Cloudflare let me connect and the tool choose a UserAgent from which I was going to filter, and didn’t appeared in my server,

But now, the socket doesn’t even start connections when trying to connect through Cloudflare, it connects correctly directly

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.