Beware This Unfortunate CloudFlare Issue

Feb 13, 2012

If you haven't heard of CloudFlare, it's a fantastic idea and in most cases it does exactly what it's supposed to - speeds up your website's load times, lowers server load, and increases security and reliability. Unfortunately, however, there are times when it does the exact opposite.

A Real-Life Example

On this site, after activating CloudFlare, I started noticing that the category pages (blog sections) would take forever to load. Before putting two and two together, I tried everything - tweaking the MODX templates to minimize snippet calls & output filters, toggling plugins and scripts, you name it - I spent hours on it. Then it dawned on me that maybe it wasn't a PHP or MODX thing at all. So I submitted one of the affected URLs to seo-browser.com and it reported that the server was not handing out connections at the affected URLs! The requests to CloudFlare's servers were being denied, timing-out, and then they would redirect to the originating server, which would load the page, but a full 60 seconds too late!

Then I remembered that before this issue arose, some of these pages were returning errors in the HTTP response headers, because in MODX these blog sections are containers. With a trailing slash at the end of the URL, I think CloudFlare treated them as web directories, and requesting the directory by URL is suspicious according to their security algorithms. At that time I lowered the security settings on CloudFlare, hoping to disable the faulty response headers. It didn't work - in fact it made it worse, producing this "connection denied" issue.

Result

In the end, CloudFlare had to be completely disabled to get the site to work properly. As soon as I did this, the site loaded up perfectly, so CloudFlare is guilty as charged. Hopefully they tweak this behaviour soon...I will miss it in the meantime :(

***UPDATE: CloudFlare has been really responsive, and so has my hosting provider SkyToaster. After some further testing, I can confirm the "trailing slash" hypothesis is incorrect. I've installed CloudFlare on other MODX sites that use the same FirstChildRedirect snippet in parent containers, and as CloudFlare suggested, it's not an issue at all. Still searching for the real source of the problem, and will update again when I know more :) END UPDATE***

***UPDATE: After re-enabling CloudFlare for the last 24 hours, it seems the problem has largely "gone away". YAY! I'll have to keep a close eye on it, as we never really nailed down the source of the problem, except that maybe CloudFlare was stuck behind the firewall on the server...??? For now, this site is back on their incredible CDN :)  END UPDATE***