Cloudflare making hundreds of GET requests to site

I haven’t noticed this before on any other site but it’s slowing down the server and using up the CPU. Cloudflare is making hundreds of GET requests several times per day to a site as follows. Entry from WHM Apache Status:

141.101.99.25 http/1.1 domain.com:443 GET / HTTP/1.1

Any idea why this may be happening?

Thanks

If only Cloudflare IP addresses appear, I believe you would need to change few things at your host/origin server to see the real IP addresses of your visitors trying to access one or more domains:

In case to check for Cloudflare IP addresses, below is the list of Cloudflare IPs and also here is an article in case you need to allow Cloudflare to connect to your host/origin (if Cloudflare isn’t already allowed to):

3 Likes

I can see IP’s other than Cloudflare so it’s not just a problem with not being able to identify them. It’s that CF hits the site with hundreds of GET requests and the CPU usage goes up. It happens with another CF site on the same server.

what user agents are logged?

I’m looking at Apache Status in WHM and it doesn’t show user agents.

Any WordPress website running, or e-commerce, or “compare this to that”, or any other high mysql usage web application running without proper caching setup (memcached, redis, page cache, etc.)? No matter it is behind Cloudflare.

May I ask if you have tested and tuned per need your Apache server (with PHP process) to accept that much of traffic?

Interesting.

Never been an issue for years until recently.

Apache Status looks like this : https://www.inmotionhosting.com/support/wp-content/uploads/2017/10/apache-status_apache-status-2.png

No, this is just a basic WP site for a local sports club. Wasn’t an issue until we moved it to CF.

Seems to me like someone is using Joomla CMS somewhere, or a crawler/bot tries to crawl or re-index some of your clients Websites.

Or, a bad behaviour of bot trying to access something.

Have the websites/domain of your clients, which are using Coudflare, enable the option like Bot Fight mode and security settings to protect them agains that kind of, if so, abuse or tries of hacking (maybe?)

Apache status in WHM IIRC also logs requests for WHM main hostname and not just for web site domains hosted on the server so it could be for main hostname and you haven’t set that main hostname up to restore Cloudflare real visitor IPs too. Ensure every domain served from WHM including main hostname have Cloudflare real visitor IP’s restored too.

1 Like

Also looks like you’re using WHM with nginx reverse proxy to Apache setup. So you may need to do an additional Nginx level configuration to pass on the real IP from the nginx reverse proxy to Apache for real_ip_recursive on; see Module ngx_http_realip_module

as you have visitor > CF > nginx reverse proxy > apache setup

Syntax: real_ip_recursive on off ;
Default: real_ip_recursive off;
Context: http , server , location

This directive appeared in versions 1.3.0 and 1.2.1.

If recursive search is disabled, the original client address that matches one of the trusted addresses is replaced by the last address sent in the request header field defined by the real_ip_header directive. If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field.

though from NGINX with Reverse Proxy | cPanel & WHM Documentation it suggest Cpanel nginx reverse proxy takes care of Cloudflare config but whether it’s fully correct I don’t know

CloudFlare®

The NGINX installation will detect if a domain uses CloudFlare and configure the system to work properly.

The system saves the CloudFlare configuration to the following location:

/etc/nginx/conf.d/includes-optional/cloudflare.conf

If your secure connections don’t appear in the SSL log, you can change the SSL settings in CloudFlare.

1 Like

That’s not my log. It’s just an example of the data I can see.

Bot fight is enabled.

They show in the list as vhosts for the relevant domain.

I can see both normal IP and CF IP visits for this domain so it’s managing to separate the two OK.

some of the domains in WHM apache status are not CF proxy enabled though - is that intentional?

1 Like

Not all sites on the server are through CF.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.