Help Center> Web Application Firewall> FAQs> Service Interruption Check> What Do I Do If the CPU Usage of the Origin Server Reaches 100%?
Updated on 2024-02-01 GMT+08:00

What Do I Do If the CPU Usage of the Origin Server Reaches 100%?

Symptom

The website has been added to and protected with WAF, but the CPU usage of the origin server still surged to 100%.

Possible Causes

The website may be under CC attacks.

If you find that the website loading speed decreases and network bandwidth usage surges, the website may be under CC attacks. In this case, check the number of access logs or network connections. If the number of access logs or network connections increases significantly, the website is under CC attacks.

Solution

  1. Ensure that protection rules and the policy used for the website work in the block mode.
  2. Configure a CC protection rule and set the protection path to / to protect all paths of the website. Set a high rate limit, observe the request traffic, and check whether the attack is mitigated. Then, adjust the rule based on the protection effect.

    Figure 1 Full-path protection

  3. View protection logs. Add IP addresses that have launched a large number of attacks to the blacklist and block them immediately. For details, see Configuring an IP Blacklist or Whitelist Rule

Service Interruption Check FAQs

more