DEV Community: GameHzLab

🚀 From HTTP Loopbacks to Direct Service Layer: How We Fixed 403 Errors and Boosted Performance

GameHzLab — Thu, 26 Mar 2026 05:45:24 +0000

We just hit a major architectural milestone at GameHzLab! 🚀

After weeks of refactoring, we have successfully migrated our project's backend from a "Loopback-heavy" architecture to a Direct Service Layer pattern. If you’ve ever struggled with your own WAF blocking your server-side requests, this one is for you.

🛑 The Problem: The "403 Forbidden" Wall
Previously, our Server Components (Home, Category, and Detail pages) on GameHzLab fetched data by making internal HTTP requests to our own API routes. While this felt "modular," it introduced a critical point of failure: Cloudflare WAF.

Our server's internal requests were occasionally flagged as suspicious by our own firewall, leading to intermittent 403 errors and broken page renders.

🛠️ The Solution: gameService.ts
We introduced a unified gameService.ts to act as our data "Source of Truth."

Direct Database Access: Server components now call the service layer directly to fetch data from Supabase.

Bypassing the WAF: Since these are internal function calls rather than outbound HTTP requests, we have completely eliminated the risk of being blocked by our own security layers.

Architecture Standardization: All API routes have been refactored into lightweight wrappers around gameService, making the codebase cleaner and significantly easier to maintain.

📈 The Results

Major Performance Boost (TTFB) By cutting out the overhead of the internal network stack (DNS lookup, TCP handshake, and TLS negotiation for every internal request), we’ve slashed our Time to First Byte (TTFB).

Estimated Impact: We expect a 100-200ms reduction in page rendering latency across the platform.

GA4 Data Purity 🛡️ Analytics are only useful if they are accurate. We noticed that server-side crawlers were inflating our numbers.

We’ve implemented a server-side bot detection logic in layout.tsx. Now, when known crawlers visit GameHzLab, the GA4 script is no longer loaded. This protects our analysis from "noise" and ensures our data reflects real human engagement.

💡 Key Takeaway
If you are building with Next.js or any modern SSR framework, avoid the temptation to "fetch your own API" from within Server Components. It adds latency, introduces security hurdles, and complicates your architecture. Go direct.

Check out the live results at: www.gamehzlab.com

Have you faced issues with WAFs blocking your own server-side requests? Let’s discuss in the comments!

webdev #nextjs #architecture #performance #supabase #refactoring

How I Saved My Serverless Game Platform from Bot Traffic using Cloudflare WAF

GameHzLab — Mon, 23 Mar 2026 06:04:01 +0000

Tags: #webdev #security #serverless #nextjs #cloudflare

The Problem: 0% Engagement and 5xx Errors
Recently, while developing my H5 game platform gamehzlab.com, I noticed a disturbing trend in GA4: 100% bounce rate and 0.0% engagement time.

Despite having nearly 2k unique visitors, the "users" were spending only 2 seconds on the site. Even worse, Google Search Console started reporting 5xx Server Errors, preventing my games from being indexed.

The Trap: Global Bot Fight Mode
My first instinct was to toggle Cloudflare's "Bot Fight Mode".
Result: It backfired.
While it stopped some bots, it also blocked my game's .wasm and .data files. The AI-based protection was too aggressive, treating large binary fetches as suspicious activity, effectively breaking the game for real players.

The Solution: Smart Tiered Defense
I shifted from "Global Blocking" to a Custom WAF Rule strategy. Here is the logic that finally balanced security and accessibility:

Targeted Challenges
Instead of challenging everyone, I targeted high-risk, low-engagement regions (e.g., specific data center hubs) and excluded verified crawlers.
The "Verified Bot" Green Channel
I used the Known Bots field to ensure Googlebot and Bingbot could always reach the site, even when my manual rules were strict.
Protecting the Entry Point Only
By restricting the challenge to the root path (/), I ensured that once a human passed the initial check, their browser could freely download game assets without further interruption.

Current Status: The Road to Indexing
After deploying these changes and validating the fix in GSC, 129 pages are now in the "Discovered - currently not indexed" queue with a status of "Started". This means Google has acknowledged the server is healthy again and is re-queuing the content for crawl.

Key Takeaways for Indie Devs:
Don't trust "Bot Fight Mode" blindly for asset-heavy sites (Wasm/H5 games).

Prioritize Cache Rate: My initial cache rate was only 1.33%. Boosting this via Cache Rules is the best way to shield your Vercel/Supabase origin.

Watch GA4 Engagement: If it’s 0%, you don't have a traffic problem; you have a bot problem.

From 280MB to 1MB: How I Optimized Performance and SEO for My H5 Gaming Platform

GameHzLab — Thu, 19 Mar 2026 09:14:59 +0000

Building a global H5 gaming platform like GameHzLab is a race against both loading times and search engine indexing. When I discovered my initial API payloads were hitting 280MB and search engine visibility was stagnant, I knew a deep architectural overhaul was required.

Through a combination of extreme asset compression and a V2 SEO strategy, I managed to slash payloads by over 99% and achieve an 866.7% growth in organic search traffic within weeks. Here is the technical breakdown of that journey.

1. The Performance Revolution: Slashing Payloads
In web gaming, every second of loading time correlates directly to user drop-off. My primary goal was to ensure the "instant play" promise of H5 games.

API Optimization: By refactoring backend logic and utilizing Serverless Edge Functions, I successfully reduced the primary API response from 280MB to under 1MB. This ensures a smooth experience even for players on unstable mobile networks.
Engine & Texture Compression: For games built on Cocos and Unity, I moved away from standard PNGs to WebP and ASTC formats. I also implemented engine stripping to remove unused modules (like 3D physics for 2D games), ensuring every byte downloaded contributes to the immediate gameplay.

2. SEO V2: Category Hubs as Traffic Magnets
To help search engines better understand the site's hierarchy, I upgraded the classification system from simple query parameters to a robust link structure.

Route Rewriting: I shortened category paths from /category/ to a more concise and authoritative /c/.
Dynamic Routing: I implemented dynamic /[locale]/c/[id] routes for every supported language. This created stable "landing hubs" for high-volume categories like Mahjong or Puzzle games.
Structured Data (JSON-LD): By adding Breadcrumbs and CollectionPage schemas, I explicitly informed Google about the site's structure, leading to better rich-snippet representation in search results.

3. Content Enrichment: The "Game DNA" Factor
SEO is as much about content quality as it is about code. I expanded the content for all 15 core categories to increase authority.

Deep Descriptions: Each category page now features unique descriptions optimized for long-tail keywords.
Game DNA System: I developed a system that maps player psychology to gameplay. This interactive element has significantly increased "dwell time"—I've even observed individual US-based players staying engaged for over 36 minutes.

4. Real-World Impact: By the Numbers
The data from Google Search Console and GA4 confirms the success of these optimizations:

Search Visibility: The site achieved an average ranking of 16.4 with a healthy 4.5% click-through rate (CTR).
Traffic Explosion: Organic search traffic grew by 866.7%.
Global Reach: While I initially saw a spike in 4-second "bot-like" traffic from Singapore, the platform has successfully attracted high-value "real" players from the United States with engagement times exceeding 30 minutes.

Conclusion
For a solo developer, extreme performance is the baseline for retention, and structured SEO is the lifeline for growth. By leveraging Next.js and a lean asset strategy, GameHzLab demonstrates that a single engineer can build a platform capable of competing on a global scale.

Explore the results at GameHzLab.com