Crucial Hosting

Sucuri.net Backend Timeout Message

This article fully explains the Sucuri.net Backend Timeout Message really works and why your website may not be able to use Sucuri

  • Applies To: All Services
  • Difficulty: Easy
  • Software Required: Magento & Sucuri.net WAF
AWS
This article was last updated on Feburary 9th, 2017

Backend Timeout Message

Are you having issues with your website when using Sucuri.net? Is it displaying a Sucuri error page with the backend timeout message like this?

Sucuri.net closes connections after 180 seconds

Sucuri.net will wait for an HTTP response from your website for 180 seconds (3 minutes). At 181 seconds Sucuri.net appears to improperly close their TCP connection to the web server without any notification of this action on their part other than their vague 504 error message page provided above.

A 504 error states that Sucuri.net was able to successfully make a TCP connection to the host (the web server is up, connection to the web server was successful), but the web server did not reply with an HTTP response before the 180 second connection timeout enforced by Sucuri.net. Sucuri.net claims this timeout to be for "Security", though this is flawed logic at best since many modern applications have operations that may take longer than 180 seconds - Magento, for instance.

Sucuri.net appears to intentionally obfuscate the reason for this error and provides zero useful information on their 504 error message page as you can see from the screenshot above. Sucuri immediately suggest to contact your host instead of truthfully stating that SUCURI TIMED OUT the connection after 180 seconds, not the web server, after the arbitrary, non adjustable 180 second timeout limit Sucuri.net imposes on all connections.

Carefully read the Sucuri.net 504 error page and notice Sucuri.net's 'Shift Blame' tactic to immediately place blame on the the web host, when the reality is Sucuri.net knows very well that they successfully connected to the web server, did not receive a response in 180 seconds and Sucuri.net closed the TCP connection improperly leaving open TCP connections to the web server hanging with a recommendation to contact your web host to see if the web server is running. Of course the web server is running, Sucuri made a successful TCP connection to the web server.

What does this mean?

If no response is sent by the web site/application in 180 seconds, Sucuri.net will improperly close the connection to the web server and serve a 504 error page to the visitor, leaving the TCP connection hanging and the web server to continue processing the lengthy request not knowing the connection has been closed by Sucuri.net.

This 504 error is commonly caused by a long-running process on the web site/application, such as a PHP application or a database query which the web server must wait on before responding to a request (API call, a mysqldump locking tables etc).

Magento pages can and often do take much longer than 180 seconds to complete an operation and reply to the request made by Sucuri.net service. Magento installs with a default 'max_execution_time' of 18,000 seconds in the application's .htaccess file. Sucuri overrides this Magento default timeout setting to 180 seconds.

If you regularly run HTTP requests that take over 180 seconds to complete, one alternative is to move those long-running processes to a subdomain that is not proxied by Sucuri.net. The remaining option is to discontinue using the Sucuri service as they will not raise the 180 second timeout imposed by there for service.

Advanced users: Measuring the response time using curl

You can use the cURL utility from SSH/Terminal (on Mac OSX and Linux) to measure how long a request takes to respond. cURL has a write-out flag which allows you to print specific information about a request using custom variables.

https://curl.haxx.se/docs/manpage.html

You can use the %{time_connect} and %{time_starttransfer} variables to measure how long it takes to connect to your server, and how long it takes for your website to return a response (i.e. time to first byte) using the following:

curl -vso /dev/null -w "Connect: %{time_connect} \n TTFB: %{time_starttransfer} \n Total time: %{time_total} \n" http://www.example.com

If you want to test this directly to your host server you can do this by sending a request directly to your server IP address and passing in a host header:

curl -vso /dev/null -w "Connect: %{time_connect} \n TTFB: %{time_starttransfer} \n Total time: %{time_total} \n" -H 'Host: www.example.com' http://1.2.3.4

At the bottom of these commands you will see three fields, similar to the below:

  1. Connect: 0.123
  2. TTFB: 1.541
  3. Total time: 1.657

Connect indicates how long it took to establish a TCP connection to the server. This should generally be a fairly low value.

TTFB will indicate how long it took to generate a response from the application.

If you see the response taking longer than 181 seconds you know this will have triggered a 504 error page from Sucuri.net for exceeding their 180 second arbitrary connection time limit.

Professional hosting platform starting at $10/mo

View Plans