The domain is proxied over cloudflare and the access log shows a large number of requests to the website from the cloudflare servers
121115 162.158.88.4 121472 162.158.89.99 121697 162.158.90.176 122265 162.158.91.97 122969 162.158.93.113 125020 162.158.91.103 126132 162.158.90.194 128913 162.158.91.25 128980 162.158.93.89 the requests were all GET / and the rate at which it is done mostly is extremely high pointing to a Layer 7 attack We cant block the cloudflare IP's on the server as other sites (its a shared hosting server) may be using Cloudflare . At the moment the target IP on the server is blocked at the network level.Luckily the domain was using a dedicated IP As I already said, Apache handles this pretty well , the only small issue I see is the server load getting a bit above normal and the Apache scoreboard getting filled up, but with Nginx the entire webstack freeze with the CLOSE_WAIT state and ESTABLISHED state extremely high and we can bring back things to normal only after disabling Nginx . Once Nginx is disabled, the CLOSE_WAIT and ESTABLISHED states clear off immediately too Posted at Nginx Forum: https://forum.nginx.org/read.php?2,282613,282649#msg-282649 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
