I'm building a site for user-generated local listings in a rural British community using Next.js, Supabase for the database, hosted on Vercel, and using Cloudflare for DNS. I've just put up a demo version of my site, and even though I haven't shared it widely, I'm seeing a huge spike in traffic. Specifically, Cloudflare reports 50,000 visits from 148 unique users in the last 24 hours, most of whom are from America. My Supabase API calls and Vercel function invocations are extremely high too. I suspect there's some issue, like a loop in my code or a cron job misconfiguration. Has anyone experienced this sort of thing before? What do you think could be causing this, and how can I debug the situation?
5 Answers
You're on the internet now, so unexpected traffic is part of the deal! But really, it's likely due to bots trying to access your site. I've had similar experiences with my own projects that weren't public yet.
First off, you should definitely enable Cloudflare's bot protection to fend off unwanted traffic. Make sure to configure CORS correctly and firewall your database. Check the live code to ensure it's in production mode instead of debug. Also, if you're using React or similar, look for any API calls that could be made in loops, which might lead to excessive requests. If your site should only get traffic from a certain region, consider firewalling based on geography. Adding rate limiting and securing your credentials in environment variables will help reduce this traffic. The volume could just be normal bot traffic or something sneaky like penetration testing.
You might be dealing with a bot issue or a misconfiguration in your fetch requests. Double-check Vercel and Supabase logs for any repeated IP addresses or requests to specific routes. Middleware logging headers and user agents can provide insight into who is hitting your site. This will help you figure out if it's bots or an error in your code.
It sounds like you might be facing a bot problem. I've seen cases where AI crawlers bombard a site. I recommend checking out tools like Anubis to help block this kind of traffic. It's worth it to keep an eye on patterns in your server logs to see if there are repeated requests from the same IPs. Sometimes, demo links get indexed, leading to unexpected traffic.
With so much traffic coming from such a small number of users, bots are likely the culprit. Dig into your server logs and look for patterns in the requests. Review your code for any accidental loops or fetch calls that may be triggering repeatedly. Implement basic logging to track what’s happening or even set up rate limiting to help manage the incoming traffic.
Related Questions
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads