How Request Flow works in the web server

1. User Request

A user accesses https://yourdomain.com, sending an HTTP(S) request.

2. Cloudflare DNS & CDN Handling

• Cloudflare DNS resolves yourdomain.com to your EC2 public IP.
• If enabled, Cloudflare Proxy (CDN & WAF):
  • Blocks malicious traffic (via Cloudflare WAF).
  • Caches static assets (reducing requests to your server).
  • Forwards allowed requests to your AWS EC2 instance.

3. AWS Security (EC2 Security Group & Network Layer)

• The request hits AWS Security Groups (firewall).
  • Allowed Ports: 80 (HTTP), 443 (HTTPS), 22 (SSH if needed).
  • Blocked: Unwanted traffic (e.g., non-standard ports).
  • AWS Network Firewall rules apply (if configured).

4. CSF (ConfigServer Firewall)

If CSF (ConfigServer Security & Firewall) is active, it:

• Blocks blacklisted IPs.
• Restricts login attempts (brute force protection).
• Filters bad traffic before reaching Apache.
• Allows whitelisted IPs through.
  
  

5. ModSecurity (WAF for Apache)

• Filters HTTP requests before they reach PHP
• Blocks threats like (SQL Injection, XSS, CSRF)
• Detects web-based attacks in real-time
• Uses rule sets like OWASP CRS & Comodo WAF

6. Imunify360 (Application-Level Security)

Once past CSF, Imunify360 scans incoming requests:

• Checks for malware and known attack patterns.
• Blocks bad bots and known threats.
• Filters suspicious traffic before Apache processes it.
  
  

7. Apache (Web Server Processing)

Apache receives the request and:

• Handles static files (CSS, JS, images).
• Passes dynamic requests to PHP-FPM.
• Uses mod_rewrite for URL redirection (e.g., WooCommerce URLs).
  
  

8. PHP-FPM (PHP Processing)

If the request involves PHP execution (e.g., WordPress/WooCommerce pages):

• Apache forwards the request to PHP-FPM.
• PHP-FPM spawns worker processes based on pm.max_children settings.
• Executes PHP 8.2 scripts (e.g., index.php in WordPress).
  
  

9. MariaDB (Database Query Execution)

If PHP-FPM needs data (e.g., WooCommerce products), it:

• Sends SQL queries to MariaDB.
• MariaDB executes queries and returns results.
• Slow queries are cached (if Redis/Memcached is used).
  
  

10. Response Back to User

• PHP-FPM sends the processed response back to Apache.
• Apache sends it to Cloudflare.
• Cloudflare caches static content for future requests.
• Final page is delivered to the user’s browser.
  
  

Key Takeaways

• ✅ Cloudflare filters attacks & caches static content.
• ✅ CSF blocks unwanted traffic at the OS level.
• ✅ Imunify360 prevents malware & bad bots.
• ✅ Apache processes static content & PHP-FPM executes dynamic scripts.
• ✅ MariaDB serves database queries.
• ✅ Optimizations at each layer improve performance & security.