Complete Request Flow Diagram: How a Request Moves Through a Web Server
User Request
↓
Cloudflare DNS & WAF (Filters basic threats, caches static content)
↓
AWS Security Group (Filters non-HTTP traffic)
↓
CSF (Network-Level Firewall; blocks brute-force attacks, limits requests per IP)
↓
ModSecurity (Application-Level WAF; Blocks SQL Injection, XSS, and other attacks)
↓
Imunify360 (Deep malware scanning, AI-based bot protection)
↓
Apache (Processes Static Content & PHP Requests)
↓
PHP-FPM (Executes PHP Code)
↓
MariaDB (Handles Database Queries)
↓
Response Sent to User
With your Cloudflare DNS, AWS EC2, CSF, Imunify360, Apache, AlmaLinux v9.5, PHP-FPM, MariaDB, and PHP 8.2 stack, an incoming request follows a structured path before the response is served. Below is a step-by-step breakdown:
1. Incoming Request from User’s Browser
A user accesses https://yourdomain.com, sending an HTTP(S) request.
2. Cloudflare DNS & CDN Handling
- Cloudflare DNS resolves yourdomain.com to your EC2 public IP.
- If enabled, Cloudflare Proxy (CDN & WAF):
- Blocks malicious traffic (via Cloudflare WAF).
- Caches static assets (reducing requests to your server).
- Forwards allowed requests to your AWS EC2 instance.
3. AWS Security (EC2 Security Group & Network Layer)
- The request hits AWS Security Groups (firewall).
- Allowed Ports: 80 (HTTP), 443 (HTTPS), 22 (SSH if needed).
- Blocked: Unwanted traffic (e.g., non-standard ports).
- AWS Network Firewall rules apply (if configured).
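The port policy in step 3 can be checked against a security group's actual rules. The following is an added example, not part of the original article: it audits ingress rules in the JSON shape returned by `aws ec2 describe-security-groups`. The `PROXY_RANGES` value, the sample rules and the function names are constructed assumptions, and requiring that ports 80/443 accept only the CDN's ranges is an added hardening assumption so that traffic cannot skip the Cloudflare layer.

```python
import ipaddress

ALLOWED_PORTS = {80, 443, 22}   # ports the page lists as allowed (22 only if needed)
WEB_PORTS = {80, 443}
# Constructed placeholder (RFC 5737 documentation range); replace with the
# proxy ranges your CDN publishes.
PROXY_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

def _sources(perm):
    """Yield every IPv4/IPv6 source network of one IpPermissions entry."""
    for r in perm.get("IpRanges", []):
        yield ipaddress.ip_network(r["CidrIp"])
    for r in perm.get("Ipv6Ranges", []):
        yield ipaddress.ip_network(r["CidrIpv6"])

def audit_ingress(ip_permissions, proxy_ranges=PROXY_RANGES):
    """Return findings for ingress rules in describe-security-groups JSON shape."""
    findings = []
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        if proto not in ("tcp", "-1"):
            findings.append(f"non-TCP rule ({proto}): review")
            continue
        # "-1" means all protocols and all ports
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        covers = lambda p: lo <= p <= hi
        for net in _sources(perm):
            # The range is wider than the allowed ports it contains
            if hi - lo + 1 > sum(covers(p) for p in ALLOWED_PORTS):
                findings.append(f"{net} reaches ports {lo}-{hi} outside 80/443/22")
            if covers(22) and net.prefixlen == 0:
                findings.append(f"SSH open to the world ({net})")
            via_proxy = any(net.version == r.version and net.subnet_of(r)
                            for r in proxy_ranges)
            if any(covers(p) for p in WEB_PORTS) and not via_proxy:
                findings.append(f"{net} reaches web ports directly, bypassing the CDN/WAF")
    return findings

# Constructed sample rules, not taken from a real account.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
]

if __name__ == "__main__":
    for line in audit_ingress(SAMPLE):
        print(line)
```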
4. CSF (ConfigServer Firewall) on EC2
- If CSF (ConfigServer Security & Firewall) is active, it:
- Blocks blacklisted IPs.
- Restricts login attempts (brute force protection).
- Filters bad traffic before reaching Apache.
- Allows whitelisted IPs through.
5. Imunify360 (Application-Level Security)
- Once past CSF, Imunify360 scans incoming requests:
- Checks for malware and known attack patterns.
- Blocks bad bots and known threats.
- Filters suspicious traffic before Apache processes it.
6. Apache (Web Server Processing)
- Apache receives the request and:
- Handles static files (CSS, JS, images).
- Passes dynamic requests to PHP-FPM.
- Uses mod_rewrite for URL redirection (e.g., WooCommerce URLs).
7. PHP-FPM (PHP Processing)
- If the request involves PHP execution (like WordPress/WooCommerce pages):
- Apache forwards the request to PHP-FPM.
- PHP-FPM spawns worker processes based on pm.max_children settings.
- Executes PHP 8.2 scripts (e.g., index.php in WordPress).
8. MariaDB (Database Query Execution)
- If PHP-FPM needs data (e.g., WooCommerce products), it:
- Sends SQL queries to MariaDB.
- MariaDB executes queries and returns results.
- Results of slow queries are cached (if Redis/Memcached is used).
9. Response Back to User
- PHP-FPM sends the processed response back to Apache.
- Apache sends it to Cloudflare.
- Cloudflare caches static content for future requests.
- Final page is delivered to the user’s browser.
Key Takeaways
✅ Cloudflare filters attacks & caches static content.
✅ CSF blocks unwanted traffic at the OS level.
✅ Imunify360 prevents malware & bad bots.
✅ Apache processes static content & PHP-FPM executes dynamic scripts.
✅ MariaDB serves database queries.
✅ Optimizations at each layer improve performance & security.