Massive Spike in EMPTY Requests from Luxembourg

Hi
Over the last few days I’ve noticed heavy and sporadic activity coming from Luxembourg, with really high requests in any one period.

In the last 6 hours it’s been a total of over 165k requests, for files like: feed/rss, feed/atom, /author/admin and also a few legitimate pages on my website

Cloudflare is stating these are EMPTY/NONE Content Types, and show up as the grey panels.

Yesterday I tried to get onto of this by adding a temporay County Block for Luxembourg in Firewall Rules, but this is being completely ignored. It’s the first rule, so should override everything else.

I also added the file types that are being targeted to block access individually in Firewall Rules, and these are also being ignored.

It seems whatever I do to try and mitigate this behaviour, from Luxembourg, from within Cloudflare is being totally ignored.

I also added Luxembourg IP address in htaccess, but this again isn’t making any difference.

I am seeing activity in Rate Limiting Billing (but not actually within the Firewall, Tools, Rate Limiting Rule) , and look forward to being charged for the pleasure in the not too distant future. At the moment it’s under 9000, but over 10k and i’ll be charged.

So really looking to put a halt to this behaviour.

Is anyone else seeing this level of activity, and any ideas on how to mitigate the traffic!

I did open up an official ticket last week, but responses have been slow and are not really answering the questions and concerns I have put to them.

Many thanks
Graham Smith

Hi,
I have the exact same issue (hundreds of thousands of requests from Luxembourg to URLs such as /feed.

I can add that I don’t see these requests if I use the old CloudFlare Analytics.
So far, Support suggests to block these with Firewall rules…

@glogosmith did you get an answer from support ?

Thanks.
Antoine

Hi Antoine
It seemed to had been resolved, but I’ve checked today and it’s back with a vengeance, hitting nearly 200,000 requests for files that don’t exist.

Am just about to reopen the Support Ticket and find out what’s happening.

Will update this thread when I hear more.

I found that trying to do anything with Firewall Rules was futile.

I created numerous rules to block all those files, as well as trying to Block Luxembourg, but as all these requests are from Cloudflare, there’s nothing one can do.

Also bear in mind these requests will NOT be hitting your origin server, so really no harm is being done by these requests, it’s just a little unnerving when you first see it.

All I do now when checking my analytics, is to simply Exclude ‘Country’ Luxembourg and Exclude ‘Content Type’ Empty

when viewing analytics, then that takes that out of the equation, and you’re left with mostly legitimate analytics.

Hi Graham,

thanks for all that additional information. Cloudflare support initial answer was not satisfying, but after I pointed them to your thread an another one, they understood and acknowledged the issue. Their last message from this morning includes this:

I got some confirmation internally and there is a bug has been found which our team is currently working on the fix. Once the fix is implemented then you shouldn’t be seeing these purge requests on your dashboard anymore.

So we should soon have clean Analytics

Antoine

It is not the requests which are empty. The log is showing requests which are all getting a 301 redirect response, which is why the Content Type is none. Content Type is only really valid for responses with a payload, and should not be present on responses with no payload, like redirects.

This topic was automatically closed after 30 days. New replies are no longer allowed.