Connectivity issues to Cloudflare for Italian customers

Over the past 3-4 days, I have had several customers report connectivity issues to my website, https://timingapp.com/. It appears that all the customers reporting problems are based in Italy.

Here is a curl call illustrating the issue:

curl -v -L --trace-time https://timingapp.com                               
17:07:02.599104 *   Trying 104.26.6.122... 
17:07:02.599328 * TCP_NODELAY set 
17:08:18.574309 * Connection failed 
17:08:18.574358 * connect to 104.26.6.122 port 443 failed: Operation timed out 
17:08:18.574410 *   Trying 104.26.7.122... 
17:08:18.574436 * TCP_NODELAY set 
17:09:34.962005 * Connection failed 
17:09:34.962092 * connect to 104.26.7.122 port 443 failed: Operation timed out 
17:09:34.962193 *   Trying 172.67.68.109... 
17:09:34.962245 * TCP_NODELAY set 
17:10:48.787094 * After 73820ms connect time, move on! 
17:10:48.787184 * connect to 172.67.68.109 port 443 failed: Operation timed out 
17:10:48.787305 * Failed to connect to timingapp.com port 443: Operation timed out 
17:10:48.787377 * Closing connection 0 
curl: (7) Failed to connect to timingapp.com port 443: Operation timed out 

I have temporarily disabled Cloudflare for https://timingapp.com/, which almost immediately resolved the issue. The curl call from above was made while the site was proxied through Cloudflare, though. Also, I have left https://www.timingapp.com/ Cloudflare to have a Cloudflare-hosted endpoint for ongoing testing.

Is anyone else seeing connectivity issues to Cloudflare from their Italian customers?

Works from me in Italy, going to MXP.

Does curl -v -L --trace-time https://www.timingapp.com work for you as well?

Yes.

curl -vI -L --trace-time https://www.timingapp.com
14:37:16.058832 *   Trying 104.26.7.122...
14:37:16.059054 * TCP_NODELAY set
14:37:16.086558 * Connected to www.timingapp.com (104.26.7.122) port 443 (#0)
14:37:16.086683 * ALPN, offering h2
14:37:16.086705 * ALPN, offering http/1.1
14:37:16.093832 * successfully set certificate verify locations:
14:37:16.093861 *   CAfile: /etc/ssl/cert.pem
  CApath: none
14:37:16.093931 * TLSv1.2 (OUT), TLS handshake, Client hello (1):
14:37:16.159640 * TLSv1.2 (IN), TLS handshake, Server hello (2):
14:37:16.159771 * TLSv1.2 (IN), TLS handshake, Certificate (11):
14:37:16.160870 * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
14:37:16.161304 * TLSv1.2 (IN), TLS handshake, Server finished (14):
14:37:16.161555 * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
14:37:16.161575 * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
14:37:16.161623 * TLSv1.2 (OUT), TLS handshake, Finished (20):
14:37:16.191162 * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
14:37:16.191240 * TLSv1.2 (IN), TLS handshake, Finished (20):
14:37:16.191266 * SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
14:37:16.191283 * ALPN, server accepted to use h2
14:37:16.191299 * Server certificate:
14:37:16.191324 *  subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
14:37:16.191343 *  start date: Jul 19 00:00:00 2020 GMT
14:37:16.191361 *  expire date: Jul 19 12:00:00 2021 GMT
14:37:16.191387 *  subjectAltName: host "www.timingapp.com" matched cert's "*.timingapp.com"
14:37:16.191409 *  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
14:37:16.191425 *  SSL certificate verify ok.
14:37:16.191459 * Using HTTP2, server supports multi-use
14:37:16.191476 * Connection state changed (HTTP/2 confirmed)
14:37:16.191494 * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
14:37:16.191550 * Using Stream ID: 1 (easy handle 0x7ff19c00d600)
14:37:16.191583 > HEAD / HTTP/2
14:37:16.191583 > Host: www.timingapp.com
14:37:16.191583 > User-Agent: curl/7.64.1
14:37:16.191583 > Accept: */*
14:37:16.191583 > 
14:37:16.191682 * Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
14:37:16.269452 < HTTP/2 301 
HTTP/2 301 
14:37:16.269564 < date: Fri, 20 Nov 2020 13:37:16 GMT
date: Fri, 20 Nov 2020 13:37:16 GMT
14:37:16.269601 < content-type: text/html; charset=iso-8859-1
content-type: text/html; charset=iso-8859-1
14:37:16.269640 < set-cookie: __cfduid=d007a0b1e3b43002e39efc888633b77b01605879436; expires=Sun, 20-Dec-20 13:37:16 GMT; path=/; domain=.timingapp.com; HttpOnly; SameSite=Lax
set-cookie: __cfduid=d007a0b1e3b43002e39efc888633b77b01605879436; expires=Sun, 20-Dec-20 13:37:16 GMT; path=/; domain=.timingapp.com; HttpOnly; SameSite=Lax
14:37:16.269713 < location: https://timingapp.com/
location: https://timingapp.com/
14:37:16.269761 < cf-cache-status: DYNAMIC
cf-cache-status: DYNAMIC
14:37:16.269785 < cf-request-id: 068778ac0100000e2a82a3e000000001
cf-request-id: 068778ac0100000e2a82a3e000000001
14:37:16.269837 < expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
14:37:16.269858 < report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=g0ykOQ5WodMlOdn%2Fvg0M%2FJtSlRTwuMSRprDTXmPEU%2Bu53c%2FD%2BhT2SIssFa6leKFEzHNGWKC0LPNbdSt9L4YqPgRZOSZBqAPr0ErJb1hlhfOhLg%3D%3D"}],"group":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=g0ykOQ5WodMlOdn%2Fvg0M%2FJtSlRTwuMSRprDTXmPEU%2Bu53c%2FD%2BhT2SIssFa6leKFEzHNGWKC0LPNbdSt9L4YqPgRZOSZBqAPr0ErJb1hlhfOhLg%3D%3D"}],"group":"cf-nel","max_age":604800}
14:37:16.269899 < nel: {"report_to":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
14:37:16.269934 < server: cloudflare
server: cloudflare
14:37:16.269967 < cf-ray: 5f52908cce370e2a-MXP
cf-ray: 5f52908cce370e2a-MXP

14:37:16.269988 < 
14:37:16.270017 * Connection #0 to host www.timingapp.com left intact
14:37:16.270044 * Issue another request to this URL: 'https://timingapp.com/'
14:37:16.270937 *   Trying 116.203.154.135...
14:37:16.270965 * TCP_NODELAY set
14:37:16.339029 * Connected to timingapp.com (116.203.154.135) port 443 (#1)
14:37:16.339091 * ALPN, offering h2
14:37:16.339109 * ALPN, offering http/1.1
14:37:16.346020 * successfully set certificate verify locations:
14:37:16.346050 *   CAfile: /etc/ssl/cert.pem
  CApath: none
14:37:16.346128 * TLSv1.2 (OUT), TLS handshake, Client hello (1):
14:37:16.418955 * TLSv1.2 (IN), TLS handshake, Server hello (2):
14:37:16.419007 * TLSv1.2 (IN), TLS handshake, Certificate (11):
14:37:16.419433 * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
14:37:16.419555 * TLSv1.2 (IN), TLS handshake, Server finished (14):
14:37:16.419855 * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
14:37:16.419876 * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
14:37:16.419918 * TLSv1.2 (OUT), TLS handshake, Finished (20):
14:37:16.487383 * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
14:37:16.487461 * TLSv1.2 (IN), TLS handshake, Finished (20):
14:37:16.487501 * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
14:37:16.487524 * ALPN, server accepted to use http/1.1
14:37:16.487545 * Server certificate:
14:37:16.487568 *  subject: CN=timingapp.com
14:37:16.487592 *  start date: Nov 11 12:53:22 2020 GMT
14:37:16.487610 *  expire date: Feb  9 12:53:22 2021 GMT
14:37:16.487644 *  subjectAltName: host "timingapp.com" matched cert's "timingapp.com"
14:37:16.487673 *  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
14:37:16.487699 *  SSL certificate verify ok.
14:37:16.487738 > HEAD / HTTP/1.1
14:37:16.487738 > Host: timingapp.com
14:37:16.487738 > User-Agent: curl/7.64.1
14:37:16.487738 > Accept: */*
14:37:16.487738 > 
14:37:16.586358 < HTTP/1.1 302 Found
HTTP/1.1 302 Found
14:37:16.586392 < Date: Fri, 20 Nov 2020 13:37:16 GMT
Date: Fri, 20 Nov 2020 13:37:16 GMT
14:37:16.586416 < Server: Apache/2.4.29
Server: Apache/2.4.29
14:37:16.586435 < Location: /?lang=en
Location: /?lang=en
14:37:16.586454 < Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8

14:37:16.586473 < 
14:37:16.586496 * Connection #1 to host timingapp.com left intact
14:37:16.586521 * Issue another request to this URL: 'https://timingapp.com/?lang=en'
14:37:16.586553 * Found bundle for host timingapp.com: 0x7ff19ac0c3d0 [can pipeline]
14:37:16.586570 * Could pipeline, but not asked to!
14:37:16.586593 * Re-using existing connection! (#1) with host timingapp.com
14:37:16.586612 * Connected to timingapp.com (116.203.154.135) port 443 (#1)
14:37:16.586651 > HEAD /?lang=en HTTP/1.1
14:37:16.586651 > Host: timingapp.com
14:37:16.586651 > User-Agent: curl/7.64.1
14:37:16.586651 > Accept: */*
14:37:16.586651 > 
14:37:16.686494 < HTTP/1.1 200 OK
HTTP/1.1 200 OK
14:37:16.686525 < Date: Fri, 20 Nov 2020 13:37:16 GMT
Date: Fri, 20 Nov 2020 13:37:16 GMT
14:37:16.686545 < Server: Apache/2.4.29
Server: Apache/2.4.29
14:37:16.686564 < X-XSS-Protection: 1; report=https://7cb19899c2c72957a60718dc5271ce7a.report-uri.com/r/d/xss/enforce
X-XSS-Protection: 1; report=https://7cb19899c2c72957a60718dc5271ce7a.report-uri.com/r/d/xss/enforce
14:37:16.686587 < X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
14:37:16.686605 < Cache-Control: s-maxage=0
Cache-Control: s-maxage=0
14:37:16.686624 < Set-Cookie: lang=en; expires=Sun, 20-Dec-2020 13:37:16 GMT; Max-Age=2592000
Set-Cookie: lang=en; expires=Sun, 20-Dec-2020 13:37:16 GMT; Max-Age=2592000
14:37:16.686642 < Cache-Control: max-age=0, no-cache
Cache-Control: max-age=0, no-cache
14:37:16.686661 < Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8

14:37:16.686680 < 
14:37:16.686702 * Connection #1 to host timingapp.com left intact
* Closing connection 0
* Closing connection 1
1 Like

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.