The Email
![](/2022/04/2022-04-07-cloudflare-analytics-email.jpg)
March 2022 Analytics Snapshot
We’ve aggregated data from 26 of your Cloudflare sites during the month of March. Cloudflare served 788.57 GB of data, and mitigated 2.04k firewall events.
I was like “wow, that’s a lot more data than usu… wait, over a ¿BILLION REQUESTS FROM JAPAN!?!?!?
For comparison, February 2022’s stats had 183.7 GB of data and 214 million requests from Japan. Ok, that’s still a load of requests, but 4x as much is weird.
Also, A. BILLION. requests.
What’s changed?
I know what domain’s getting the traffic, but as for what’s changed about it - I’m honestly not sure. I surely haven’t done anything! In pondering the issue and writing this, I went back looking for what data I could find.
I keep all my emails because I’m like that, so I went back and grabbed a few stats emails. The domain was added to my Cloudflare account on 2020-11-28, and took a week or two for me to get running again to do the redirection thing… here’s the stats over time for my account (I don’t get domain-level stats, I can’t afford to pay for them!).
Most of the traffic typically has come to/from this blog or boryssnorc.com, a photos-laden travel blog.
Month | Total Data | Requests (JP) | Requests (USA) | Requests (China) |
---|---|---|---|---|
July 2020 | 141.6 GB | Not listed | 333,588 | 16,127 |
August 2020 | 138.37 GB | Not listed | 207,701 | Not listed |
December 2020 | 14 GB | Not listed | 187,179 | Not listed |
December 2021 | 22.85 GB | Not listed | 1,222,551 | 3,531,231 |
January 2022 | 64.49 GB | 56,851,426 | 1,640,193 | 986,683 |
February 2022 | 183.7 GB | 214,536,904 | 1,015,310 | 1,033,670 |
March 2022 | 788.57 GB | 1,018,691,300 | 1,049,801 | 1,137,785 |
In July/August, the top source of data was Australia, because… reasons?
Of course, because I didn’t think to look while the data was available in the UI, the good bit’s cut off!
![](/2022/04/2022-04-07-cloudflare-analytics-graphs.jpg)
The view from Cloudflare
The domain
Oh, the domain? It’s melbourneitmirror.net
. Melbourne IT was one of the first big registrars/hosting companies in Australia and they had a need for a local mirror, so they also made it publicly available.
I inherited the domain while at my previous job, when they were going to terminate the hosting and just let the domain lapse because ~8TB of fast disk is a lot to keep running.
I didn’t have the space/bandwidth to support a full mirror, and there was loads of traffic still going there, so I set up a little Flask app that returns HTTP 301 (Moved Permanently) responses to other mirrors. That should work for any sensible client, but … I guess it’s not for some! There’s always been a lot of requests, most of which I rate-limited by dropping (or trying to send other HTTP status codes) but they just. keep. coming. back.
Splunking the data
Of course I want to use Splunk to analyse the data, so I spun up some Python scripting to pull it. It’s in yaleman/cloudflare-stats if you’re interested.
tl;dr query all the zones, then query the GraphQL endpoint for analytics - do it every ~24 hours because that’s all I get, if I want hourly stats.
It was a pretty chill start to the year, and then… March got spicy!
![](/2022/04/2022-04-07-stats-splunked.jpg)
Daily stats, Bytes and Requests
Thankfully, most of the requests are cached on Cloudflare’s network! Only about 10-100MB a day is actually served from my web server via the Cloudflare Tunnel, not exposing my server to the internet directly!
![](/2022/04/2022-04-07-stats-requests-caching.jpg)
Here’s a sample, normally the cache percentages are lower because people ask for a lot of random file paths…
Date | Requests | Bytes (total) | Cached Bytes | Bytes per Request (avg) | Cached % |
---|---|---|---|---|---|
2022-03-01 | 210,877 | 189,972,294 | 129,849,558 | 900.9 | 68.4 |
2022-03-02 | 2,006,433 | 1,533,911,022 | 1,473,816,661 | 764.5 | 96.1 |
2022-03-03 | 24,308,492 | 18,442,721,223 | 18,366,206,975 | 758.7 | 99.6 |
2022-03-06 | 89,477,491 | 67,880,146,554 | 67,812,834,089 | 758.6 | 99.9 |
2022-03-08 | 78,312,708 | 59,538,858,921 | 59,475,563,516 | 760.3 | 99.9 |
2022-03-09 | 89,187,377 | 67,671,616,289 | 67,604,187,924 | 758.8 | 99.9 |
2022-03-11 | 70,421,731 | 53,354,587,796 | 53,289,929,521 | 757.6 | 99.9 |
2022-03-12 | 22,613,190 | 16,931,149,088 | 16,863,985,370 | 748.7 | 99.6 |
2022-03-14 | 46,270,462 | 34,947,877,973 | 34,868,567,296 | 755.3 | 99.8 |
A peak of nearly 90 million requests on each of the 6th and 9th are pretty spectacular.
All in all, a bit of an achievement, I guess?
I’d really love to know what’s changed in Japan - did someone shut down some mirrors in early March?