CD
Cloudflare Developers4mo ago
loweehahn

HTTP 499 recorded in Cloudflare but not in Nginx Logs

We're randomly experiencing legit requests being served HTTP 499 by Cloudflare. They were not logged by Nginx, meaning the requests never reached the origin. Not due to caching. What can I do to find out the root cause?
9 Replies
Laudian
Laudian4mo ago
Could you first check the response headers to see where the 499 is coming from?
loweehahn
loweehahnOP4mo ago
@Laudian how do I check the response headers from Cloudflare? @Leo I only see the 499s from Cloudflare's Analytics & Logs > HTTP Traffic.
Erisa
Erisa4mo ago
seeing 499s in the analytics is normal and expected, client connections will break abruptly for a variety of legitimate reasons. unless your users are reporting seeing them in their browser, there's nothing to worry about
loweehahn
loweehahnOP4mo ago
But it's disruptive. My payment gateway, Xendit is reporting random timeouts when trying to connect to my endpoint. My Nginx didn't log those requests, meaning they timed out at Cloudflare. I understand that Cloudflare has a default timeout of 30 seconds. Why would it take longer than that to reach my Nginx which is the origin?
Chaika
Chaika4mo ago
You're not understanding their messages 499 is the Client disconnecting, not the Server/Cloudflare giving up. The most common hit timeout is the Proxy Read timeout (Cloudflare waiting for your origin response) which is 100 seconds, and would show as 524 if hit. https://developers.cloudflare.com/fundamentals/reference/connection-limits/ Xendit is giving up/disconnecting for some reason, perhaps on their end they have a hard timeout at something fast, like 5 seconds, or some persistent network issue with them. You could ask them of their timeouts and if they have any more info.
loweehahn
loweehahnOP4mo ago
https://help.xendit.co/hc/en-us/articles/360038049331-How-Do-I-Reconcile-My-Webhook-through-Webhook-Tab#:~:text=xendit%20did%20not%20receive%20any%20response%20from%20your%20server%20within%2030s According to their documentation, their timeout is 30s, so that's why I'm questioning why within 30 seconds Cloudflare didn't forward the requests to my origin.
Xendit Help Center
How Do I Reconcile My Webhook through Webhook Tab?
You can use our Webhook Tab to reconcile your webhooks Webhook Tab Functions Through Webhook Tab, you can: See the history of webhook that Xendit sends to your assigned webhook URL; See the indiv...
Chaika
Chaika4mo ago
What do you see in Xendit exactly, the Timeout status or a response with a specific http status? If it is a http response and you can see response headers, seeing if CF-Cache-Status exists would be helpful
loweehahn
loweehahnOP4mo ago
The timeout info includes, timestamp, URL and the message below: 
{
    "message": "The webhook request timed out because we did not get a response from your server within 30s. Kindly check the record in your system before retrying to avoid duplicate delivery if you did not implement webhook idempotency.",
    "error_code": "ETIMEDOUT"
}
{
    "message": "The webhook request timed out because we did not get a response from your server within 30s. Kindly check the record in your system before retrying to avoid duplicate delivery if you did not implement webhook idempotency.",
    "error_code": "ETIMEDOUT"
}
I can't see CF-Cache-Status unfortunately.
Chaika
Chaika4mo ago
Makes sense since not an http response. So Xendit thinks the request took too long, and they hard killed it. Cloudflare sees that as a 499, since Xendit disconnected early Just gotta find out why your origin takes so long sometimes then. Do you have any rules or anything in Cloudflare (Workers, etc), setup on the webhook handling endpoint? You can use the "Trace" util within Cloudflare if you're not sure. Should be also able to look in your nginx normal logs for 499 client disconnects, and at potentially other logs

Did you find this page helpful?