Optimizing Asus Routers for Serving Websites With Cloudflare

May 5, 2019

I’ve been serving this site and several others from a personal physical server frontended by Cloudflare rather than using a cloud provider like AWS. One of the things that’s always been a bother has been dealing with dropped packets and in particular, 522 errors from cloudflare. I’ve tried a lot of different things such as changing the netdev budget but one of the things that I think really solved it was looking through my router settings (I have an Asus RT-AC68U) and modifying the firewall to remove DoS protection. It turns out that the DoS protection has been dropping packets for legitimate traffic, and since I use Cloudflare, all web traffic is encrypted and comes from a limited set of Cloudflare IP addresses which probably makes it hard for DoS to recognize the traffic as legitimate.