app/notes/20190505-2334.md
Optimizing Asus Routers for Serving Websites With Cloudflare
asus-cloudflare
1557099269
I've been serving this site and several others from a personal physical server
frontended by Cloudflare rather than using a cloud provider like AWS.
One of the things that's always been a bother has been dealing with dropped
packets and in particular, [522 errors from cloudflare](https://support.cloudflare.com/hc/en-us/articles/200171906-Error-522-Connection-timed-out).
I've tried a lot of different things such as [changing the netdev budget](https://blog.cloudflare.com/the-story-of-one-latency-spike/)
but one of the things that I think really solved it was looking through my
router settings (I have an Asus RT-AC68U) and modifying the firewall to remove
DoS protection. It turns out that the DoS protection has been dropping packets
for legitimate traffic, and since I use Cloudflare, all web traffic is encrypted
and comes from a limited set of Cloudflare IP addresses which probably makes it
hard for DoS to recognize the traffic as legitimate.