I have 916 CNAME records on my domain. They all point to the same server, and a different website is served depending on the subdomain. I know that’s a lot of records, but we’re not pushing any limits and the system works great.
Occasionally, Cloudflare appears to be doing health checks or something similar and performs a GET on every domain, all around the same time. So, we have 916 HEAD requests, followed by 916 GET requests, which results in a redirect to each website’s app entry (foo.example.com/some-url), and then more GET requests for all assets on those pages, some of which are dynamic and run through the server itself (not static files).
So, what we end up seeing in our logs is about 10,000 relatively simultaneous requests from Cloudflare to our server. These result in several times more of simultaneous database requests behind the scene. We’re ultimately getting something that looks like exactly what we’re using Cloudflare to avoid
I know that we can use a wildcard CNAME record with proxies on the Enterprise plan, but pricing for that is high enough that they don’t even list it on their pricing page.
Does anyone have any advice on this? Experience with Cloudflare’s intermittent health checks, or whatever they’re doing? I opened a support ticket, but the response basically wrote me off and said that “Cloudflare does not perform DoS attacks against its customers”, which is not at all what I asked in my support ticket. Any ideas are welcome, I appreciate everyone’s time.