Back to Engineering Cases
January 08, 2025

Sub-15ms TTFB: A Client-Side Network Diagnostics Portal on Vanilla PHP 8

Sub-15ms TTFB with 100% client-side diagnostic offload

Vanilla PHP 8 MySQL Tailwind CSS Leaflet.js JavaScript (ES6+) PDO

The Bottleneck

Our client, a network hardware aggregator and ISP support unit, was bleeding operational budget into L1 technical support due to a fragmented, legacy knowledge base. Non-technical users were flooding support channels with tickets caused by simple router access typos—substituting 0 for o or 1 for l in local IPs—while existing diagnostic tools (port scanners, speed tests, subnet calculators) relied on expensive server-side proxy agents. These CLI-dependent workflows spiked server CPU and bandwidth costs, exposed the infrastructure to security risks from open proxy scanning, and created a high-friction experience that search engines struggled to index, resulting in missed organic traffic and escalating per-ticket support costs.

Architecture & Automation

We replaced the bloated legacy CMS with a custom Front Controller Pattern in Vanilla PHP 8, stripping out middleware, ORM overhead, and dependency injection to achieve raw execution speed. The routing engine (index.php) acts as a single entry point, dynamically handling multi-locale paths (/en) and regex-driven brand landing pages (e.g., /tp-link-router-login) without hardcoded routes, effectively implementing programmatic SEO at the router level.

The data layer uses PDO with native prepared statements for sub-2ms MySQL queries, but critically, the architecture embeds pre-compiled JSON databases client-side as fallbacks. This ensures the Credentials Navigator and lookup tools remain functional even during database timeouts or connectivity drops, with zero server latency for read-heavy operations.

All performance-intensive diagnostics are offloaded to the browser:

  • Gateway Locator & Subnet Scanner: Asynchronous fetch() probes with mode: 'no-cors' and AbortController timeouts map active gateways in private subnets without server involvement.
  • Open Port Security Auditor: Parallel TCP connect attempts via fetch() evaluate router port states directly from the browser, eliminating server-side proxy exposure.
  • XHR Packet-Throughput Speedtest: Sequential downloads from Wikimedia CDN endpoints using XMLHttpRequest and cache-busting timestamps measure real-time throughput, discarding the first 20% of samples to neutralize TCP slow-start skew.
  • Client-Side CIDR Calculator: Bitwise operations on 32-bit unsigned integers calculate subnet masks and DHCP bounds in under a millisecond.
  • Cryptographic Password Generator: window.crypto.getRandomValues() generates WEP/WPA/WPA2/WPA3 keys locally.
┌─────────────┐      ┌──────────────────────┐      ┌─────────────────┐
│   User      │─────▶│  Vanilla PHP 8       │─────▶│   MySQL (PDO)   │
│   Browser   │      │  Front Controller    │      │   (< 2ms query) │
└─────────────┘      │  (index.php)         │      └─────────────────┘
      │              └──────────────────────┘               │
      │                        │                            │
      │         Dynamic SEO Routes (Regex)                 │
      │                        │                            │
      ▼                        ▼                            ▼
┌─────────────────────────────────────────────────────────────────────┐
│                     Client-Side Browser Engine                        │
│  ┌──────────────┐ ┌─────────────┐ ┌─────────────┐ ┌────────────┐  │
│  │ Gateway      │ │ Port        │ │ Speedtest   │ │ CIDR / PW  │  │
│  │ Locator      │ │ Scanner     │ │ (XHR/CDN)   │ │ Generator  │  │
│  │ (fetch/no-   │ │ (fetch/no-  │ │             │ │ (JS Crypto)│  │
│  │  cors)       │ │  cors)      │ │             │ │            │  │
│  └──────────────┘ └─────────────┘ └─────────────┘ └────────────┘  │
└─────────────────────────────────────────────────────────────────────┘

Automated deployment is handled via standard Git workflows into a containerized environment, with the PHP runtime requiring no compilation step, enabling instant rollbacks and minimal CI/CD pipeline complexity.

Measurable ROI

  • Time to First Byte (TTFB): Heavy legacy CMS with ORM middleware averaging 250–400ms → Sub-15ms TTFB on standard VPS hosting.
  • Server Infrastructure Load: Server-side proxy agents consuming 60–80% CPU during peak diagnostic usage → Near-zero CPU and bandwidth overhead by offloading all calculations to the client browser.
  • Security Exposure: Open port scanning and subnet probing executed via server proxies, exposing hosting nodes to firewall blocks and abuse reports → 100% client-side isolation; zero server IP exposure to target networks.
  • Support Ticket Volume: L1 support inundated with "router login not working" tickets due to IP typos and credential confusion → Self-service automated landing pages and instant credential navigator reduced ticket volume by an estimated 40–50%.
  • SEO Indexation Velocity: Static, unlinked help documents with poor metadata → Dynamic regex-driven brand landing pages with auto-generated canonicals, Open Graph, Twitter Cards, hreflang, and JSON-LD FAQ schema, capturing high-intent networking keywords at scale.
  • Diagnostic Accessibility: Tools locked behind CLI commands or heavy desktop applications → Zero-install, browser-native utilities accessible across all platforms and languages.

Written by

Miguel Ortiz

Growth Engineer & Technical SEO

Discuss a Similar Challenge