Cloudflare attacking my site

caching

#1

Why do I see lot of requests from cloudflare?. Before enabling cloudflare everything is normal, but now there is a spike in requests. We have the caching enabled, but these spikes in request stays all day.


#2

Not sure I understand the question. What type of spike in requests are you seeing? Overall looking at the last 30 days in the Analytics tab current requests are lower than a few weeks ago. There is a bit of a peak in uncached requests in the last few hours for uncached requests. By default Cloudflare caches static content https://support.cloudflare.com/hc/en-us/articles/200172516-Which-file-extensions-does-Cloudflare-cache-for-static-content- so requests for dynamic content will be sent to your origin.


#3

Before enabling the cloudflare for one of my subdomain the requests would be ~300 per minute. After enabling the cloudflare it jumps to ~1500 per minute.

Attached the graph for more info.


#4

Is that active sessions or requests? I could see sessions increasing behind Cloudflare…


#5

Those are active requests from Cloudflare. This is the same issue we faced earlier(two weeks before) and we unplugged the sub-domain from cloudflare. Today we plugged it again and face the same issue. Could it be a caching request from cloudflare?.

Last two weeks we are using CLoidflare DNS only. We switched off the cloud icon in the CNAME, thus it directly passing the requests to origin server.


#6

Those are TCP SYN_SENT and ESTABLISHED.


#7

Do you have access to the server logs to determine if these are legitimate requests to the origin? Do these represent persistent requests (TCP sessions open) or total number of requests to the origin server? If SYN ACK and established = number of persistent connections then that might make sense we will hold open connections for a period of time in order to potentially reuse them to improve performance in communicating with the origin.


#8

Cloudflare is the only gateway to the origin server. It seems those are persistent connections.
Is there any way that we can tell the cloudflare to reduce the number of persistent connection to origin when there is no need. My server uses 1/4th open connection.


#9

Any suggestions?.


#10

I’d recommend contacting support to see if there are any settings they can tweak to reduce the TTL for connections for your zone(s).


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.