Requests do not appear to be proxied through cloudflare

Hello,

My JavaScript URL is https://av-northern-apps.com/js/agecheckerplus_mG35tH2eGxRu7PQW.js
I want to use Cloudflare to handle caching but when I look at the request headers it seems like its just hitting my server directly and Cloudflare isn’t hit. How can I troubleshoot this?

I have a similar URL at https://age-verification-northern-apps.com/js/agecheckerplus_mG35tH2eGxRu7PQW.js which appears to work fine. I can see Cloudflare specific headers when I visit that URL in my web browser.

Thanks

https://av-northern-apps.com/js/agecheckerplus_mG35tH2eGxRu7PQW.js (websniffer.cc)

Connect to 172.67.183.225 on port 443 ... ok

Server:  cloudflare

https://age-verification-northern-apps.com/js/agecheckerplus_mG35tH2eGxRu7PQW.js (websniffer.cc)

Connect to 172.67.196.30 on port 443 ... ok

Server:  cloudflare

Thanks for checking that for me, I see the same results as you when I check websniffer. If I check the headers in my web browser with chrome or safari I still see “server: nginx” (though Firefox shows “server: Cloudflare” as expected) - any idea why that would be?

Are your different browsers perhaps using a DNS cache? Something like this, maybe…

https://www.cyberciti.biz/faq/google-chrome-clear-or-flush-the-dns-cache/

1 Like

Unfortunately I’m still seeing “server: nginx” in the response headers :thinking: I tried to clear DNS cache at the operating system level as well but no dice…

What happens if you use an incognito or private windows in Chrome or Safari?

@Cyb3r-Jak3 Same result unfortunately

Weird. I am also seeing that it is using Cloudflare no matter the browser. If you have curl available, then I would try using that in verbose mode to see the headers and IP of the request

curl -I https://av-northern-apps.com/js/agecheckerplus_mG35tH2eGxRu7PQW.js

HTTP/2 200
server: nginx
date: Fri, 13 May 2022 01:06:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 76263
last-modified: Thu, 12 May 2022 04:01:20 GMT
vary: Accept-Encoding
etag: "627c8690-129e7"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes

Curl is reporting “server: nginx” as well

Try curl -vI https://av-northern-apps.com/js/agecheckerplus_mG35tH2eGxRu7PQW.js as that will show the IP that curl is trying.

curl -vI https://av-northern-apps.com/js/agecheckerplus_mG35tH2eGxRu7PQW.js

*   Trying 161.35.51.60...
* TCP_NODELAY set
* Connected to av-northern-apps.com (161.35.51.60) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=agechecker-northern-apps.com
*  start date: May 12 03:09:34 2022 GMT
*  expire date: Aug 10 03:09:33 2022 GMT
*  subjectAltName: host "av-northern-apps.com" matched cert's "av-northern-apps.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fcc3480d600)
> HEAD /js/agecheckerplus_mG35tH2eGxRu7PQW.js HTTP/2
> Host: av-northern-apps.com
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
HTTP/2 200
< server: nginx
server: nginx
< date: Fri, 13 May 2022 01:20:33 GMT
date: Fri, 13 May 2022 01:20:33 GMT
< content-type: application/javascript; charset=utf-8
content-type: application/javascript; charset=utf-8
< content-length: 76263
content-length: 76263
< last-modified: Thu, 12 May 2022 04:01:20 GMT
last-modified: Thu, 12 May 2022 04:01:20 GMT
< vary: Accept-Encoding
vary: Accept-Encoding
< etag: "627c8690-129e7"
etag: "627c8690-129e7"
< x-xss-protection: 1; mode=block
x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
x-content-type-options: nosniff
< accept-ranges: bytes
accept-ranges: bytes

<
* Connection #0 to host av-northern-apps.com left intact
* Closing connection 0

Yeah, as suspected it appears that your DNS is still cached, probably somewhere upstream. 161.35.51.60 is not in Cloudflare’s Range and is DigitalOcean.

You can either let is expire naturally or try changing your DNS servers.

1 Like

You are either running split brain DNS or have a caching issue. If you do a dig for your hostname what IP address is returned?

Compare that to a dig @8.8.8.8 or 1.1.1.1

After reading Exclude specific IPs from caching? it seems like checking for a hosts file entry might be worthwhile, too, just to be sure.

dig av-northern-apps.com

; <<>> DiG 9.10.6 <<>> av-northern-apps.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52667
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;av-northern-apps.com.		IN	A

;; ANSWER SECTION:
av-northern-apps.com.	300	IN	A	161.35.51.60

;; AUTHORITY SECTION:
av-northern-apps.com.	94008	IN	NS	ns-1470.awsdns-55.org.
av-northern-apps.com.	94008	IN	NS	ns-1591.awsdns-06.co.uk.
av-northern-apps.com.	94008	IN	NS	ns-33.awsdns-04.com.
av-northern-apps.com.	94008	IN	NS	ns-643.awsdns-16.net.

;; Query time: 72 msec
;; SERVER: 206.248.154.22#53(206.248.154.22)
;; WHEN: Thu May 12 19:07:27 PDT 2022
;; MSG SIZE  rcvd: 201

The authority sections seems to be listing the old name servers

Your upstream provider or local resolver is caching old results .

2 Likes

@jwds1978 @Cyb3r-Jak3 Thanks for the help guys. Any clue how long before the stale cache expires?

Try again in 26 hours.

2 Likes

What @thedaveCA said, try again in 26 hours or so. Also, you may want to use a different DNS resolver.