Early Hints feedback

Yeah got the same 504 for nginx-ssl early hints user agent. Dug into my CF edge server logs via CF Enterprise logpush an have 1000s of entries.

example excerpt for one entry is

time pzcat /home/cfcmm-logs/20211013/*.log.gz /home/cfcmm-logs/20211014/*.log.gz /home/cfcmm-logs/20211015/*.log.gz | jq -r 'select(.BotScore <=100 and .ClientRequestHost == "blog.centminmod.com" and (.ClientRequestUserAgent| index("ssl")) and .ClientRequestPath == "/wp-content/themes/generatepress/assets/js/main.min.js" ) | "\(.ClientIP) \(.RayID)-\(.ParentRayID) \(.ClientRequestURI) \(.ClientRequestMethod) \(.ClientRequestReferer) \(.EdgeResponseStatus)-\(.EdgeResponseContentType) \(.OriginResponseStatus) \(.OriginResponseDurationMs)-\(.OriginResponseTime) \(.EdgeRequestHost) ctf-\(.CacheTieredFill) cs-\(.CacheCacheStatus) crs-\(.CacheResponseStatus)-\(.CacheResponseBytes) \(.EdgeColoCode) \(.ClientCountry) \(.ClientIPClass) \(.WorkerStatus)-\(.WorkerSubrequest)-\(.WorkerSubrequestCount) \(.BotScore) x \(.BotScoreSrc) \(.ClientRequestUserAgent) d-\(.ClientDeviceType) edgeip-\(.EdgeServerIP)"' 

3.219.212.117 69e4f7ea52f0578b-00 /wp-content/themes/generatepress/assets/js/main.min.js?ver=3.0.4 GET  504-text/html 0 0-0 blog.centminmod.com ctf-false cs-miss crs-504-1376 IAD us noRecord unknown-false-0 5 x Machine Learning nginx-ssl early hints d-desktop edgeip-

cs-miss crs-504-1376 IAD means cache status = miss with cache response status = 504 and response was 1376 bytes in size from IAD datacenter

504-text/html 0 means 504 edge response status with text/html content type and origin status code = 0

If I filter CF Firewall log on that log entry’s rayid get 2 firewall log entries for the same rayid! and they have identical timestamps!

Pluck IP 3.219.212.117 into filtering my CF Firewall and it seems it’s caught and logged in my simulate/log (don’t block/challenge) only firewall rule I setup

Though that useragent also gets caught and logged in my CF Firewall allow rules for verified bots

Some Amazon AWS IP trying a PUT request and probably not getting a response back?

also GET requests

Allow CF Firewall rule requests for verified bots with nginx-ssl early hints useragent are logged for Google, Yandex and Apple Engineering ASNs

edit: oh I have Cloudflare Signed Exchanges beta enabled https://blog.centminmod.com/2021/10/13/2511/testing-page-speed-with-cloudflare-automatic-signed-exchanges-google-search-cache/ and also Crawler Hints beta enabled so not sure if that is related? @firat @akrivit

2 Likes