Exact response of DigitalOcean Firewall to repeated identical requests

Posted on August 26, 2019

Problem

I have a web server with its own iptables firewall. I’ve recently added a DigitalOcean Cloud Firewall as an additional layer of protection, particularly for SSH which is now only accessible via a bastion.

Cloud Firewall config

Inbound

  • <redacted non-standard SSH port>, bastion-only
  • 80, all IPs, TCP
  • 443, all IPs, TCP

Outbound

<redacted, hopefully not relevant>

Background

I host an app which is embedded in a major eCommerce platform. That embedding process means that customers, when logging into their stores on that platform, may submit to me an expired access token. I reallocate the token, respond and they resubmit. Because it’s iframed and brokered by the eCommerce platform, this can legitimately happen several times in a row (4 legit requests) that eventually culminate in a successful login.

Hypothesis

I think there’s a setting in the Cloud Firewall that’s reacting to the repeated submission of the same request (identical URL and HTTP method) from the same sender. I think it’s delaying the packets by something like 60 seconds.

Testing process

To verify this, I conducted this test:

  • Add DO firewall
  • Test embedded app speed, verify slow.
  • Remove DO firewall
  • Test embedded app speed, verify fast.

I repeated this 5 times in order to come to my conclusion. It supports but does not prove my assertion.

Question

  1. Can anyone with inside knowledge (hello DO!) verify that this is how the Cloud Firewall is configured?
  2. Can anyone advise on any configuration changes I can make, short of removing the Cloud Firewall altogether, to stop it slowing down these false-positives please?

Similar questions

I’ve looked at this question, but it seems to be unrelated: https://www.digitalocean.com/community/questions/cloud-firewall-too-slow




Hey @alexstanhope,

Sorry for the incredibly long delay here! :/

Our network team have just replied on our internal ticket and aren’t really sure what’s going on with the details you’ve given.

They’re asking if you could please create a ticket with our support team so that they can request specific logs from you etc.

https://www.digitalocean.com/support/

Hope that helps, - Matt.
