CDN is down!

Hello!

Apologies for the issue you are having. We see this from time to time because some web hosting providers try to maximise resource allocation by trying to “detect” automated traffic from IP addresses that they dont feel is legitimate traffic.

Sometimes this happens to our CDN (And others I’m sure). Each CDN endpoint will “fetch” the request from your web host and store it in memory until it expires. The fetching that happens may be considered automated “bot” traffic by your web hosting provider.

This doesnt happen for all endpoints, but the busier ones may hit whatever threshold your web hosting provider has, as is evidence when I check one of our endpoints to try to get your website :

Resolving <your website> (<your website>)… x.x.x.x, ::1
Connecting to <your website> (<your website>)|x.x.x.x|:443… failed: Connection refused.
Connecting to <your website> (<your website>)|::1|:443… failed: Network is unreachable.

You can reach out to your web host to confirm this. They may ask for a list of IP addresses to whitelist , depending on your policies. You can contact us directly or message here if you need that list.

Thank you!

Since a month, I am getting an 502 error on cdn. It is not working. I have five domains, all the same behaviour.

Hello,

As per my previous response , it looked like your web host was mistakenly identifying the CDN “fetch” request as automated bot traffic and blocking it.

Its best if you reach out to your web hosting provider to remove this security option. If they request a list of IPs to whitelist, let me know and I can send that to you directly.

I am the hosting provider… Than please tell me where to find the IPs for a whitelist. In my logs there is nothing blocked from or to shift8cdn.com. Also your system responses with a 502, who should that be the case if I where blocking something? Take a look: https://jtyr4a2vlqh6.cdn.shift8web.com/wp-content/plugins/shift8-cdn/test/test.png

Hello,

The backend proxy fetch is failing resulting in the 502 gateway error. If I just try to wget the test file from your site directly, this is what I see :

curl -v <your site>/wp-content/plugins/shift8-cdn/test/test.png
About to connect() to <your site> port 443 (#0)
Trying x.x.x.x…
Connected to (x.x.x.x) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
NSS error -12190 (SSL_ERROR_PROTOCOL_VERSION_ALERT)
Peer reports incompatible or unsupported protocol version.
Closing connection 0
curl: (35) Peer reports incompatible or unsupported protocol version.

Looks like an SSL configuration issue on your side?

If I use Qualsys SSL Labs free online SSL checker, and enter your website address, the attempt just times out.

Then I found another free SSL certificate checker and ran it against your site, it works and validates correctly. So maybe my original assessment is still happening somehow. Your welcome to double check but the first thing I always check when looking into these types of problems is can I just wget that test file directly from the command line of one of the CDN endpoints, and I cannot so that usually rules out a lot.

Very interesting. It seems to be working, after I have changed the Cipher Suite for TLS 1.3.

Our CDN endpoints , in order to connect, may have a baseline best practice minimum requirement to consier an SSL connection valid. I’m happy you were able to figure out the issue!