Ok, while I was monitoring my worker’s logs (filtered to the last 30 minutes for security reasons), this caught my attention
What grabbed my attention is that there was a spike in CPU time per execution for approximately 10 minutes, followed by a sudden drop in requests!
So, I check for errors (to see if traffic is affected) and I see this
No errors or invocation statuses (which are considered errors with the exception of “Client Disconnected”).
However, the fact that there are just a few hundred fewer subrequests than successful requests also grabbed my attention!
I believe this is a result of an HTTPS flood that’s currently ongoing! Note that my worker doesn’t redirect (as I checked it out yesterday and I didn’t notice a redirect loop or ERR_TOO_MANY_REDIRECTS)! The link to my worker is https://www.aboutrock2.submarine.workers.dev! Does anyone know why this is occurring?
UPDATE: The CPU time per execution has significantly dropped, however keeps going up and down for brief periods of time
Another update: Another brief spike in traffic occurred, followed by a drop to 0ms
Update: The CPU time per execution is acting weird
Be advised that I have “Cron” events set to trigger every 1, 2, and 3 minutes (so I can get data quickly)!
Another update: CPU time per execution seems to have dropped to a more normal level however, it’s still peaking at times!
I’m still worried that there might be another significant spike again (like in the first screenshot)!
Update: Another spike in traffic occurred! I don’t know if it’s the attacker or people actually visiting my site!
For security reasons, I’ve now enabled logging of HTTPS requests so I can see the requests in real-time!
I’ve got a log of an HTTPS request and the request URL is strange
The URL makes me think that this is a bot performing the HTTPS flood (and not a human) though it’s still possible
This is a full list of the logs so far
Nothing suspicious has occurred since I started logging yet, though I’ll keep monitoring requests for any HTTPS floods!
sighs CPU time per execution is starting to act up, again
I want to know how to block this person (or bot) from doing this again! I’ll enable “Allow Cloudflare employees to edit my account” if I need to!
A few things have occured sincd my last reply
The attacker or attackers are performing an ongoing attack
My worker is close to hitting the 10ms limit (which will then cause my worker to go down and return errors)
The logs are useless and haven’t logged anything new since my last reply
Can someone please help me before my worker exceeds the 10ms CPU time limit and my worker goes down?
Don’t worry, you are nowhere near the CPU time limit. It will not just fail on that one-off request, you really won’t see a disturbance unless you’re consistently hitting over 10ms. So unless you see your 75th or even 50th percentile get close, you’re fine.
Honestly, there really is nothing scary or off here. A request taking a little longer isn’t a big deal. You also cannot block those ?LOWC requests as you’re using
workers.dev and do not have access to the firewall. However, if you run out of your request limit simply contact support, if they can see that an attack happened, they can reset the count.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.