Nginx hang and do not respond with large number of network connection in FIN_WAIT state

gnusys nginx-forum at forum.nginx.org
Fri Jan 11 04:19:10 UTC 2019


The domain is proxied over cloudflare and the access log shows a large
number of requests to the website from the cloudflare servers

 121115 162.158.88.4
 121472 162.158.89.99
 121697 162.158.90.176
 122265 162.158.91.97
 122969 162.158.93.113
 125020 162.158.91.103
 126132 162.158.90.194
 128913 162.158.91.25
 128980 162.158.93.89

the requests were all GET /  and the rate at which it is done mostly is
extremely high pointing to a Layer 7 attack

We cant block the cloudflare IP's on the server as other sites (its a shared
hosting server) may be using Cloudflare . At the moment the target IP on the
server is blocked at the network level.Luckily the domain was using a
dedicated IP

As I already said, Apache handles this pretty well , the only small issue I
see is the server load getting a bit above normal and the Apache scoreboard
getting filled up, but with Nginx the entire webstack freeze with the
CLOSE_WAIT state and ESTABLISHED state extremely high and we can bring back
things to normal only after disabling Nginx . Once Nginx is disabled, the
CLOSE_WAIT and ESTABLISHED states clear off immediately too

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,282613,282649#msg-282649



More information about the nginx mailing list