Our custom domain sonentis.ru has been blocked by sys_dos_mitigation since May 8. This is a false positive.
Root cause (confirmed): Our nginx reverse proxy on IP 62.113.44.207 (Timeweb AS9123) was making direct TLS connections to em-platform-new.vercel.app, bypassing Cloudflare. Vercel saw the Timeweb JA4 fingerprint as suspicious and triggered sys_dos_mitigation at the edge global layer.
What we’ve done:
- Stopped all proxy traffic from 62.113.44.207 to Vercel edge (nginx disabled since May 10, 22:00 MSK)
- Cloudflare is now active in front of our origin — once the block is lifted, all traffic will go through Cloudflare and Vercel will only see Cloudflare IPs
Current status:
- em-platform-new.vercel.app → 200
- Host: sonentis.ru on Vercel edge → 403
(confirmed via curl) - Project-level bypass rules have no effect — this is edge global layer
Ticket: #01161617, opened May 9, zero responses in 3 days. Plan: Pro.
Is there anyone from Vercel who can escalate this? The block needs to be manually lifted at the edge layer.