Need help? Check out our Support site, then


WordPress.com Forums » Support

12

Does WordPress.com block/limit traffic coming through CloudFlare?

  1. sparkanthologyeditor
    Member

    I use CloudFlare to manage my content caching, DNS, Google Analytics, etc.

    In the past couple of weeks, when I see an uptick in traffic to my site, I soon find that requests coming through CloudFlare fail with the error that my site (sparkanthology.org) is offline.

    As soon as I go to CloudFlare and turn off everything but DNS, my site works fine again; if I wait an hour or so, I can turn back on the routing through CloudFlare and everything works fine again (until the next time).

    Does anyone have any thoughts or insights into this behavior?

    The blog I need help with is sparkanthology.org.

  2. raincoaster
    Member

    I know that Cloudflare itself had some problems last week: it hosted several sites which were attacked and downed, and there may have been a spillover effect to other services like DNS. I'm afraid that's all I can suggest.

  3. sparkanthologyeditor
    Member

    Thanks! DNS itself seems unaffected; it's only when traffic flows through CloudFlare for caching and insertion of Google Analytics (and would therefore potentially be seen by WordPress as coming from CloudFlare's IPs) that I have the problems.

    I have not had any issues with this setup in the past six months, so it's strange for either services to be acting strangely now—whether this is caused by WordPress or CloudFlare.

  4. softwaretrading
    Member

    I've started experiencing the same thing starting on Friday. I raised a ticket with cloudflare, and they are saying that wordpress.com is not allowing them to view the latest version of the pages. Let me know if you come across a solution to this problem (other than turning off cloudflare), as I find cloudflare's google analytics to be very useful and their cacheing to work reasonably well too, in terms of performance.

  5. sparkanthologyeditor
    Member

    I'll definitely post here if I find an actual resolution, but so far it's just a bunch of finger pointing. :)

    What's fascinating is that I have two other WordPress.com sites with traffic flowing through CloudFlare; each of those sees fewer than 50 hits per day and they never seem to be affected.

  6. 1tess
    Moderator

    Note to all:
    more info on this now closed thread:
    http://en.forums.wordpress.com/topic/issues-with-cloudflare-on-wordpresscomallowing-an-ip-address-range?replies=5&message=closed

  7. sparkanthologyeditor
    Member

    Based on the notes in the now-closed thread referenced above, it is worth noting that in my DNS configuration on CloudFlare, I have tried both A record DNS entries for sparkanthology.org and CNAME record entries pointing sparkanthology.org to lb.wordpress.com. I currently have it set so that sparkanthology.org is a CNAME of lb.wordpress.com, and nslookup returns the same results for sparkanthology.org and sparkanthology.wordpress.com.

    All of the entries I've tried work perfectly for actual name resolution, so I don't think it's simply a "WordPress does not provide static IP addresses" problem or anything of that nature. The problem only occurs when traffic to sparkanthology.org goes through the CloudFlare servers so they can inject the Google Analytics scripts.

    It's also worth noting that anyone using CloudFlare for their DNS and traffic management is necessarily a paid upgrade user on WordPress.com, since otherwise we'd have no custom domain mapping to work with.

  8. sparkanthologyeditor
    Member

    Wow, I didn't realize that these forums don't allow inline code using the backtick. Sorry for that horrific formatting; I was just trying to highlight domain names and their settings, not create a column of unreadable text.

  9. timethief
    Member

    Posting a screenshot for Staff may be the way to go. Please post screenshot, upload it to your Media Library, and return to this thread to provide the file name so Staff can examine it.

  10. 1tess
    Moderator

    The backticks here are for displaying html code. Your use was not actually html code. Did I fix it properly?

  11. sparkanthologyeditor
    Member

    Screenshot of ... what? Current settings? Errors caused by potentially bringing my site offline by turning CloudFlare back on?

    Let me know what the screenshot should contain, and I'll be happy to provide it.

  12. 1tess
    Moderator

    I think she was referring to your code. Did I fix it properly?

  13. sparkanthologyeditor
    Member

    Yep, 1tess, that's much better. Thanks!

    (I was instinctively using StackOverflow formatting, where backticks let you mark a word or phrase of text as code "inline," without setting it off as its own code block.)

  14. softwaretrading
    Member

    By the way, I have disabled cloudflare (currently only using it for DNS resolution), and I am still getting timeouts. I'm monitoring my uptime with pingdom (as always).

  15. softwaretrading
    Member

    To be precise, I've had 11h30m downtime during the last week starting with Feb16, with 81 failures (93.55% uptime over the last 7 days). Happy to upload a screenshot of my pingdom monitor if it helps.

  16. softwaretrading
    Member

    Hi there is there any update on this?

  17. timethief
    Member

    No there's isn't and there's another thread waiting for Staff as well here > http://en.forums.wordpress.com/topic/i-get-the-message-httpb2btechcopycom-is-down?replies=21

  18. endohope
    Member

    I'd like a resolution to this as well, as my site was taken down for a couple of days due to this issue. Had to turn Cloudflare off entirely.

  19. macmanx
    Happiness Engineer

    We can't really support Cloudflare here, as we only support domain mapping via name servers. We do not have static IP addresses, which makes pointing Cloudflare to your blog (via an A record to an IP address) problematic at best.

    To explain briefly, we have a growing number of datacenters with thousands of servers between them. WordPress.com is already built on top of a cloud architecture, so when one server goes offline, everything is routed over to another transparently. When your domain is mapped to us by name servers, this all happens automatically.

    With Cloudflare, you're directing the domain to one IP. If that server/IP goes offline, so does your site, there's nothing we can do about that.

    There's a bit more involved, but that's the short version.

    If you want consistent performance with a mapped domain on WordPress.com, you'll need to direct the name servers to us.

    http://en.support.wordpress.com/domains/map-existing-domain/

  20. softwaretrading
    Member

    @macmanx,

    What I don't understand is why this worked (support for cloudflare) for quite a while, and then suddenly just stopped.

    Moreover, even with cloudflare turned off to prevent any potential conflicts, my site availability was 69% and 72% (EU and US) over the past week, despite being pretty much 100% for a long time.

    I've been a blog owner here for a number of years with minor paid upgrades, referred wordpress.com many times, and I've never seen anything close to this.

    If you don't want to support cloudflare, is there any plan to use something like nginx to speed up the sites, as response times on their own so-so. This is important not only from the point of view of SEO but also blog reader experience.

    Is there any way that we can get a few IP addresses to put into cloudflare, to bypass the DNS problem, and see if that is good enough to keep this going?

    Thanks
    Luke

  21. macmanx
    Happiness Engineer

    What I don't understand is why this worked (support for cloudflare) for quite a while, and then suddenly just stopped.

    It looks like we retired the IP address that you had your A Record directed to. As WordPress.com is a cloud-based infrastructure, we cannot guarantee 100% uptime for every server or IP, but we can guarantee fairly solid uptime for the entire system as everything can easily fail-over to another server/IP. If you're mapping to a specific IP, you'll be left behind when that happens.

    Your name servers are directed to Cloudflare, so your DNS is controlled by Cloudflare. We can't control where your connection goes if it's directed to a single IP, even if that IP has been retired. If you direct your name servers to us, we have control over the DNS, and that's how we can redirect everything if a server or IP goes offline.

    Moreover, even with cloudflare turned off to prevent any potential conflicts, my site availability was 69% and 72% (EU and US) over the past week, despite being pretty much 100% for a long time.

    Turning off Cloudflare's features don't change anything. If your name servers are still directed to Cloudflare, it means you're directed to a single IP here via an A Record, and that leaves you open to the same problem described above.

    If you don't want to support cloudflare, is there any plan to use something like nginx to speed up the sites, as response times on their own so-so.

    WordPress.com actually runs on nginx.

    Is there any way that we can get a few IP addresses to put into cloudflare, to bypass the DNS problem, and see if that is good enough to keep this going?

    No, there are over a hundred of them, and we cannot guarantee their availability. We can pretty much guarantee the availability of the entire system and its fail-overs (moving traffic to another server when one fails), but we cannot guarantee the availability of one single component, which is why mapping to a single IP via A Record is a very bad idea.

  22. sparkanthologyeditor
    Member

    There is a difference, of course, between "not supported" and "actively blocked."

    If WordPress does not support off-site DNS but does not actively block traffic coming through CloudFlare, the problem is with CloudFlare and we assume all risk for traffic routing because we choose to host our DNS entries in a non-recommended manner.

    Even today, if we set our DNS entries on CloudFlare but do not enable any CloudFlare services, traffic flows to the WordPress.com blogs perfectly. This is true whether we use multiple A records or simply set a CNAME pointing customdomain.com to lb.wordpress.com.

    When CloudFlare services are activated, all traffic to our blogs goes first through the CloudFlare servers for caching, additional statistics, etc., which means that it would appear to WordPress.com as though it were originating from the CloudFlare servers.

    Or, depending on the type of malevolent traffic detection being used, it may appear to WordPress.com that the request is being spoofed.

    What we're trying to identify, since this problem is so new (remember that it has worked flawlessly for months for all of us), is whether WordPress.com servers are seeing the traffic from CloudFlare as potentially malevolent (or in violation of some terms of service) and actively blocking it. If so, we can either work toward or resolution or have WordPress.com explicitly state, "We do not allow traffic that comes from CloudFlare because [it triggers our network protection systems too easily|it violates TOS | we just don't like it]." All of those are okay, so long as we know the policy and can make an informed decision.

    If, on the other hand, you tell us "We do not and cannot support off-site DNS or services such as CloudFlare, but we do not block such traffic, either. If you choose to use CloudFlare, you are on your own for issues related to your domain's traffic," then we know that it's time to push back on CloudFlare and let them know that you are NOT blocking traffic from their servers, and it's time to point the finger away from WordPress.com and back at them.

    Can you please help us determine which of those two is closer to the official stance, so we know what to do next?

    Many thanks,
    Brian Lewis

  23. sparkanthologyeditor
    Member

    Ah, looks like you replied while I was typing. I think that you've pretty well hit on what I was asking.

  24. macmanx
    Happiness Engineer

    You're welcome!

    Just to clarify in case anyone else stumbles across this, we don't block Cloudflare, but the IP address you were mapping to was retired.

    So, it wasn't blocked, it was just going quite literally nowhere.

  25. timethief
    Member

    @macmanx
    Thanks for the clarity. Bookmarked.

  26. macmanx
    Happiness Engineer

    You're welcome!

  27. softwaretrading
    Member

    @macmanx,

    What if lb.wordpress.com is a cname, as mentioned by @sparkanthology? Apologies, I don't understand DNS in that much detail. This is actually how cloudflare suggest that this be done in their FAQs. Is lb the server that got retired? Could that work in theory, without being too disrputive to the approach you are using?

    Luke

  28. macmanx
    Happiness Engineer

    That's the same issue, in this case it's directed to a single server, not a single IP. It's just as bad though.

    We don't support using CloudFlare for your WordPress.com site, for several reasons:

    1. Their method of pointing your domain to your WordPress.com site requires using an IP address or specific server, which we don't support. Your site does not have a static IP address or specific server. Instead, requests to load your site are shifted between several IP addresses and servers in order to balance the demand on servers. This means that specifying an IP address or server won't work.

    2. The features of their cloud-based infrastructure simply duplicate the infrastructure already being provided to you by WordPress.com, such as:

    * CDN's (Content Delivery Networks) that deliver your site content from the location closest to your visitor
    * Caching/optimizing files for faster loading times
    * Security measures protecting your site from denial of service attacks and other forms of hacking/malware
    * Site stats, including search engine terms and incoming link referrers, that are easier to read than Google Analytics

    You can direct your domain back to your WordPress.com blog by changing your name servers to:

    NS1.WORDPRESS.COM
    NS2.WORDPRESS.COM
    NS3.WORDPRESS.COM

    If your domain is registered with us, you can change your name servers following this guide: http://en.support.wordpress.com/domains/change-name-servers/

    If there are other features you were interested in using via CloudFlare, besides the ones listed above, can you let me know more about what you're trying to do? I'll be happy to help you learn more about the equivalent feature on WordPress.com.

  29. sparkanthologyeditor
    Member

    The single most important feature (to me) enabled by using CloudFlare is Google Analytics. It provides a very different perspective into traffic statistics, and allows me to do detailed traffic-flow exploration that is simply not possible with WordPress site statistics (which I also use daily, as an overview).

    WordPress statistics are improving; the addition of "Number of Visitors" was a huge step forward. However, they're no match for the insights I gain with Google Analytics.

  30. macmanx
    Happiness Engineer

    Yes, that's one of the very few things that we can't match at this time. We are working to improve stats though, and exploration-related stats are on the roadmap.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags