Hello to all the Cloudflare community.
I am getting HTTP 522 errors since 27th January 2021 on my website mastercoria[.]com. I already visited the 5xx troubleshooting page of Cloudflare and did so much diagnostic, and I’ll explain to you what I found:
- My hosting is not blocking Cloudflare IPs (I asked them).
- keepalives are enabled and correctly configured in the hosting (I asked them).
- Cloudflare is pointing to the correct DNS since Cloudflare was correctly configured in the hosting (partner) via CDN.
- Discovered: Webserver is getting down and shows 522 error, but…
I discovered that My webserver is getting down at random times, you can check it here: https://statuspage.mastercoria.com (UptimeRobot).
As you can see, these events started on Jan 27th continuously:
I am not achieving any limits… but the estranging thing is that my server uses an average of 100-120 MB of ram continuously and before a downtime, occurs a peak. In Cloudflare stats, I can see that it logs the downtime:
You can see on statuspage.mastercoria[.]com that downtimes are random and not fixed… When I activate the IUAM, the server stops getting down as shown in the first photo. My hosting said that it is probably that someone is attacking my website via DDoS because the hosting’s defend system activated Null routing to the IP by those times.
I bought the Cloudflare Pro plan and by the first instance, it didn’t solve the problem. Now, I got deep and activated the IUAM (I’m Under Attack Mode) mode and saw the following things:
By the pass of the days, threads are increasing, now (9/03/2021) stats of security are the following:
(By this moment, I reached the limit of a new user, PLEASE open in new tab removing “[.]” to “.”).
In my firewall stats, I see the following:
As you can see, a lot of requests are arriving at the file l2[.]mastercoria[.]com/sw.js, and I applied a JS Challenge first to the sw.js file, and it didn’t stop the problem, then Block all requests to the sw.js file, and didn’t work… then I applied a JS Challenge to the entire l2[.]mastercoria[.]com subdomain and it didn’t stop the problem… And when I activated IUAM to the entire mastercoria[.]com the problem stopped… But as you can see, there are no many requests to other subdomains.
I DON’T KNOW WHAT TO DO ANYMORE… These are the things I already discovered since 27th Jan till now…
I am asking for advice on what to do in order to not use IUAM forever and stop these threads. Thank you for your help and support.