False positive alerts occur when StatusDrift reports your site as down, but it’s actually accessible to real users. While we work hard to minimize false positives, they can occasionally happen. This guide helps you identify and resolve them.
What Causes False Positives?
False positives typically occur due to:
- Firewall or security blocks – Your security software blocks monitoring requests
- Rate limiting – Your server throttles requests from our IPs
- Temporary network issues – Brief connectivity problems between monitoring servers and your site
- CDN or edge issues – Problems at specific CDN edge locations
- Aggressive caching – Cache serving stale error pages
- Geographic restrictions – Geo-blocking affects certain monitoring locations
Identifying False Positives
Signs that an alert might be a false positive:
- The site was accessible when you checked manually
- Downtime was very brief (under 2 minutes)
- Only some monitoring locations reported the issue
- The error is 403 Forbidden or a timeout (not 5xx server errors)
- No other monitoring tools or users reported issues
- Incidents happen at consistent times (suggesting scheduled tasks or rate limits)
Reducing False Positives
1. Increase Consecutive Checks Down to Alert
StatusDrift can require multiple consecutive failed checks before alerting you:
1. Go to your monitor’s Settings.
2. Click the Advanced Configuration tab.
3. Find Consecutive Checks Down to Alert.
4. Set it to require 2-3 consecutive failures before alerting.
This prevents alerts from single transient failures. See Advanced Monitor Settings for more details.
2. Adjust Locations Down to Alert
StatusDrift checks your monitors from multiple geographic locations. Configure how many locations must report the monitor as down before triggering an alert:
1. Go to monitor Settings.
2. Click the Advanced Configuration tab.
3. Find Locations Down to Alert.
4. Set a higher threshold (e.g., 2 or 3 locations must report down before alerting).
This helps distinguish between regional network issues affecting a single monitoring location and actual outages.
3. Whitelist StatusDrift IPs
Many false positives come from security tools blocking our requests. Add our IP addresses to your whitelist:
- Firewall allow rules
- WAF (Web Application Firewall) exceptions
- Rate limiter exclusions
- Security plugin whitelists
See IP Whitelisting for StatusDrift for the complete IP list and platform-specific instructions.
4. Whitelist Our User Agent
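Some security tools filter by user agent. Whitelist the string below, and keep the exception tied to the StatusDrift IP addresses as well, because any client can send this header: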
StatusDrift-Monitor/1.0 (+https://statusdrift.com/bot)
5. Increase Timeout Settings
If your site occasionally responds slowly, increase the timeout threshold:
- Default: 30 seconds
- For slower sites: 45-60 seconds
This prevents timeout alerts during temporary slowdowns.
6. Monitor a Dedicated Health Endpoint
Instead of monitoring your homepage (which may be complex and slow), create a simple health check endpoint:
Example response from a /health endpoint:
{
  "status": "ok",
  "timestamp": "2024-01-15T10:00:00Z"
}
Benefits:
- Faster response times
- Less affected by page-specific issues
- Can check database connectivity
- More reliable monitoring
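One way to build such an endpoint, as an added example (not StatusDrift's code) using the Python standard library. The SQLite path, the port, the "error" status value, the 503 response on database failure and the Cache-Control: no-store header are assumptions.

```python
import json
import sqlite3
from contextlib import closing
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer

DB_PATH = ":memory:"  # assumption: replace with your application's database


def check_database(db_path=DB_PATH, timeout=2.0):
    """Return True if a trivial query succeeds, False on any SQLite error."""
    try:
        with closing(sqlite3.connect(db_path, timeout=timeout)) as conn:
            conn.execute("SELECT 1").fetchone()
        return True
    except sqlite3.Error:
        return False


def health_response(db_ok):
    """Build (status_code, headers, body) without exposing internal error details."""
    body = {
        "status": "ok" if db_ok else "error",
        "timestamp": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    }
    headers = {
        "Content-Type": "application/json",
        # Keep caches and CDN edges from replaying an old result to the monitor.
        "Cache-Control": "no-store",
    }
    return (200 if db_ok else 503), headers, json.dumps(body).encode()


class HealthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path != "/health":  # exact match only; anything else is a 404
            self.send_error(404)
            return
        code, headers, body = health_response(check_database())
        self.send_response(code)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), HealthHandler).serve_forever()
```

The body carries only a status and a timestamp, so a failed dependency shows up as a non-200 response without leaking connection strings or stack traces to unauthenticated callers.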
7. Review Rate Limits
Ensure your rate limiting configuration allows monitoring traffic:
- For 1-minute checks: At least 1 request/minute from each monitoring location
- For multi-location: Multiply by the number of locations
- Add buffer for re-checks during incidents
Analyzing Past False Positives
To understand why false positives occurred:
1. Go to Monitors > select monitor > Event Log.
2. Click on the incident to see details.
3. Review:
- Error type – Timeout, HTTP error, connection refused, etc.
- Duration – How long the “outage” lasted
- Locations affected – All locations or just some
- Response data – Any partial response received
4. Cross-reference with:
- Your server logs during that time
- CDN/WAF logs
- Any scheduled maintenance or deployments
Common False Positive Patterns
Pattern: Brief Downtime at Regular Intervals
Likely cause: Scheduled tasks (cron jobs, backups) consuming resources
Solution: Schedule heavy tasks during off-peak hours or optimize them to be less resource-intensive
Pattern: Only One Location Reports Issues
Likely cause: Regional network issues, geo-blocking, or CDN edge problems
Solution: Increase the Locations Down to Alert setting; check if that region is geo-blocked
Pattern: 403 Forbidden Errors
Likely cause: Firewall or WAF blocking monitoring requests
Solution: Whitelist StatusDrift IPs and user agent
Pattern: Intermittent Timeouts
Likely cause: Slow server responses, rate limiting, or network congestion
Solution: Increase timeout; optimize server performance; check rate limits
Pattern: SSL Errors Despite Valid Certificate
Likely cause: Incomplete certificate chain, SNI issues, or CDN misconfiguration
Solution: Verify certificate chain; ensure CDN serves correct certificate
When False Positives Persist
If you continue experiencing false positives after following these steps:
1. Document the incidents – Note times, error messages, and affected locations
2. Check server logs – Look for StatusDrift requests during reported downtime
3. Contact support – Share the documentation with our team
We can investigate from our side and help identify the root cause.
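The server-log check described under Analyzing Past False Positives and in step 2 above, as an added example (not StatusDrift's tooling): it filters an access log for the monitor's user agent inside the incident window and maps the status codes to the causes this guide lists. The log lines are constructed samples in combined log format with documentation IP addresses, and the 429 status for rate limiting is an assumption about how your limiter responds.

```python
import re
from collections import Counter
from datetime import datetime

MONITOR_UA = "StatusDrift-Monitor/1.0"  # user agent string given on this page

# Constructed sample lines in combined log format; IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Jan/2024:09:59:02 +0000] "GET /health HTTP/1.1" 200 52 "-" "StatusDrift-Monitor/1.0 (+https://statusdrift.com/bot)"
203.0.113.10 - - [15/Jan/2024:10:00:02 +0000] "GET /health HTTP/1.1" 403 153 "-" "StatusDrift-Monitor/1.0 (+https://statusdrift.com/bot)"
198.51.100.7 - - [15/Jan/2024:10:00:05 +0000] "GET /health HTTP/1.1" 200 52 "-" "StatusDrift-Monitor/1.0 (+https://statusdrift.com/bot)"
192.0.2.44 - - [15/Jan/2024:10:00:09 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Jan/2024:10:01:02 +0000] "GET /health HTTP/1.1" 403 153 "-" "StatusDrift-Monitor/1.0 (+https://statusdrift.com/bot)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def monitor_hits(log_text, start, end):
    """Count (client IP, status) pairs for monitor requests inside the incident window."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or MONITOR_UA not in m["ua"]:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if start <= ts <= end:
            hits[(m["ip"], int(m["status"]))] += 1
    return hits


def triage(hits):
    """Map observed statuses to the likely causes this guide lists."""
    statuses = {status for _, status in hits}
    if not hits:
        return "no monitor requests logged: blocked or lost before the web server"
    if any(s >= 500 for s in statuses):
        return "5xx responses: likely a real outage, not a false positive"
    if 403 in statuses:
        return "403 responses: firewall or WAF blocking the monitor"
    if 429 in statuses:
        return "429 responses: rate limiting"
    return "only successful responses: check response times against the timeout"
```

The per-IP counts show whether every monitoring location was affected or only one. A user agent match alone does not prove a request came from the monitor, so compare the client IPs against the published StatusDrift IP list.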