Game server gets blocked to any cloudflare destinations
Hi, I help run a FiveM game server, which has quite a number of active players reaching peak 600 each week. We have multiple intergrations like Discord Webhooks, Tebex and other destinations all behind cloudflare which we can't control.
Sometimes we randomly get blocked from making ANY requests to Cloudflare website, Discord, Tebex or any other website that's utilises Cloudflare CDN (proxy).
Is there anyway to workout what causes this, as we can't seem to find any treads to what makes this happen. Our proxied domains to the game server keep working, so inbound requests from Cloudflare work as expected, but anything new outbound connections just get blocked (time out).
Is anyone able to help here?
16 Replies
run mtr to find out where in the route its failing, could be cloudflare but could also be your ISP
some hosting providers will incorrectly identify game traffic as ddos and null route the traffic, which is unhelpful
We have another server on the same provider that doesn't get the issue when it happens. No players drop when the issue is happening, so it's not an overall routing issue.
I can get a traceroute done next time tho.
by the way, when it happens, is it a 403 response from these sites or does the network level fail
Since any proxied connections from Cloudflare still work, I assume the routing will be ok, otherwise those wouldn't work.
What happens is player connects via the CF proxy, which does a little handshake then offers up the direct server IP to connect with.
no reponse at all, times out
ah
then yeah mtr/traceroute would be the first step, even if you have another server at the same provider it could be something at a particular router (literally anywhere in the path between your server and cloudflares) or some block specific to that servers IP
I'll get one done at the same time when it happens next.
We also changed IP recently, to see if it would help but the same
I assume CF is blocking the certain IP, due to many requests happening, but their all legitimate
Is there a global rate limit for CF?
I can't seem to find one myself.
there isnt, the only way youll be blocked across every zone is if you trigger the ddos protections
which are dynamic and hard to predict
I do wonder if they think we're DDOSing
its possible, a network-level ddos false positive would lead to timeouts indeed, but hard to say without more info (such as mtr/traceroute)
I'll try grab that next, wouldn't surprise me if that is the case
youd have to be levying some serious traffic throughput to get that to happen, unless their detections are broken
oh btw if you can take a "clean" mtr/traceroute when things are working that might help to compare later
Yeah I'll get those done 🙂
for future reference when it break, that trace with it working
Just had CF blocked traffic
And short while of it being no connectivity it's back and trace is now.
Traffic is entering cloudflare, so not getting an issue on my side of the connectivity.
Thoughts?
@Erisa not sure if you've seen this or not 😊
Anyone got any ideas?
We still get this issue time to time.