Exact response of DigitalOcean Firewall to repeated identical requests
I have a web server with its own iptables firewall. I’ve recently added a DigitalOcean Cloud Firewall as an additional layer of protection, particularly for SSH which is now only accessible via a bastion.
Cloud Firewall config
<redacted non-standard SSH port> bastion-only
80, all IPs, TCP
443, all IPs, TCP
<redacted, hopefully not relevant>
I host an app which is embedded in a major eCommerce platform. That embedding process means that customers, when logging into their stores on that platform, may submit to me an expired access token. I reallocate the token, respond and they resubmit. Because it’s iframed and brokered by the eCommerce platform, this can legitimately happen several times in a row (4 legit requests) that eventually culminate in a successful login.
I think there’s a setting in the Cloud Firewall that’s reacting to the repeated submission of the same request (identical URL and HTTP method) from the same sender. I think it’s delaying the packets by something like 60 seconds.
To verify this, I conducted this test:
- Add DO firewall
- Test embedded app speed, verify slow.
- Remove DO firewall
- Test embedded app speed, verify fast.
I repeated this 5 fives in order to come to my conclusion. It supports but does not prove my assertion.
- Can anyone with inside knowledge (hello DO!) verify this how the Cloud Firewall is configured?
- Can anyone advise on any configuration changes I can make, short of removing the Cloud Firewall altogether, to stop it slowing down these false-positives please?
I’ve looked at this question, but it seems to be unrelated: