Using OpenLiteSpeed Behind Cloudflare

After switching to Cloudflare for DNS and caching (CDN), we’ve discovered that Cloudflare sometimes requests connections so fast that OpenLiteSpeed servers (versions 1.7.17 and 1.7.18) block them. The Cloudflare IPs have been whitelisted since OLS 1.7.13, but when Use Client IP in Header is set to Trusted IP Only, OLS passes through the original IP and applies throttling anyway. Annoyingly, this often happens when accessing the WordPress back end, blocking web site changes, but it also sometimes happens during normal web site browsing, so manually whitelisting a few management IPs is not enough.

I finally found an article in the LiteSpeed documentation that explains it:

If you use CDN services with real visitor IP enabled, the IP which is forwarded from the CDN may get blocked if the soft or hard limit is too low. One way to disable such blocking or per-client throttling is to set the connection limits to very large numbers, such as 100000 and 150000, respectively.

I assume that the other method in that article, using an Apache DisableForwardedIpBan directive, would not work in OLS: according to this article, “OpenLiteSpeed supports rewrite rules, but not Apache directives.…”

From the screenshot in the first LiteSpeed article, I’m guessing I also need to set the Static and Dynamic Requests/second to 0 to disable them. So I’m trying this configuration behind Cloudflare as CDN:

[Screenshot: OpenLiteSpeed Throttling]
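To confirm from the command line that a server really carries the settings discussed above, the following added example (not code from the original post or from LiteSpeed) audits the per-client throttling block of an OpenLiteSpeed configuration. It assumes the plain-text `perClientConnLimit` block of `httpd_config.conf` with the keys `staticReqPerSec`, `dynReqPerSec`, `softLimit` and `hardLimit`; the sample values are constructed.

```python
import re

# Targets from the post: soft/hard limits from the quoted LiteSpeed
# documentation, 0 requests/second from the author's trial configuration.
TARGETS = {
    "staticReqPerSec": lambda v: v == 0,
    "dynReqPerSec": lambda v: v == 0,
    "softLimit": lambda v: v >= 100000,
    "hardLimit": lambda v: v >= 150000,
}

def parse_per_client_limits(conf_text):
    """Return {key: int} from the perClientConnLimit block, or {} if absent."""
    m = re.search(r"^\s*perClientConnLimit\s*\{(.*?)\}", conf_text, re.S | re.M)
    if not m:
        return {}
    limits = {}
    for line in m.group(1).splitlines():
        parts = line.split()
        if len(parts) == 2 and re.fullmatch(r"\d+", parts[1]):
            limits[parts[0]] = int(parts[1])
    return limits

def throttling_findings(conf_text):
    """List the settings that can still throttle CDN-forwarded visitor IPs."""
    limits = parse_per_client_limits(conf_text)
    findings = []
    for key, ok in TARGETS.items():
        if key not in limits:
            findings.append(f"{key}: not set")
        elif not ok(limits[key]):
            findings.append(f"{key}: {limits[key]}")
    return findings

def sample_block(static, dyn, soft, hard):
    """Build a constructed config fragment (assumed key names, made-up values)."""
    return (f"perClientConnLimit {{\n  staticReqPerSec  {static}\n"
            f"  dynReqPerSec  {dyn}\n  softLimit  {soft}\n  hardLimit  {hard}\n}}\n")

BEFORE = sample_block(40, 2, 500, 1000)        # constructed: throttling active
AFTER = sample_block(0, 0, 100000, 150000)     # values discussed in the post

if __name__ == "__main__":
    print("before:", throttling_findings(BEFORE))
    print("after: ", throttling_findings(AFTER))
```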
