6

I made a website, behind CloudFlare, and sometimes I get an early terminated (nginx 499) request, which is really hard to work around in the codebase.

This happens in about 1 out of 4000 requests.

What I would like to ask is if this is normal or not? CloudFlare support told me that 499 happens when something between CF and the server drops the connection. I'm not on AWS, not on a load balancer, but on a simple VPS with direct IP connection (no virtual routers, etc.)

hyperknot
  • 651
  • 2
  • 9
  • 15

1 Answers1

6

Remember that nginx logs a 499 when, from its perspective, the client it was talking to closed the connection.

Remember also that CloudFlare is not the only thing talking to your web server. It is possible for clients to visit it directly, and many do. If you are using CloudFlare, much of this traffic is Internet background noise and the rest is malicious.

It is very possible that a client which made a direct connection to your server dropped the connection, resulting in the 499. Did you check the directly connected IP address?

As for overall, 1 in 4000 requests is pretty good. I see this a lot more often.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
  • Thanks for the insight. There cannot be any direct connections, as the server's IP is not published anywhere, and the listed 499 lines all have CF-Ray headers. There are barely any lines in the default server access log (returning 444). What I found out is that this really depends on the length of the request. So while it's 1 out of 4000 out of all requests, it happens a lot more for a /register endpoint which sends an email in sync. I guess making that a background job would solve a lot of these 499 errors. – hyperknot Apr 05 '16 at 00:51
  • 2
    It doesn't matter if you published the IP anywhere. Bots will still connect directly, as they scan every IPv4 address. Doing anything long-running in a background job is a good idea, of course. – Michael Hampton Apr 05 '16 at 01:07