
I am a plebe who doesn't understand these things, but what exactly does Cloudflare do? I see it popping up more and more often, redirecting before visiting a site. I assume that this has something to do with bot traffic? It seems like every mention of Cloudflare is about how it ruined someone's day.

[-] Potatos_are_not_friends@lemmy.world 41 points 6 months ago* (last edited 6 months ago)

Hard to answer your question because it's a mixed bag.

As tech gets cheaper, it gets easier and easier to do malicious things.

On the small scale: I used to host my tech blog on a rinky-dink Raspberry Pi.

I was getting hundreds of funny bot visits an hour, as they try to pen test and find any vulnerabilities. And that was after I set up some tools to block weird IPs. Two years ago, I was getting thousands, and the numbers kept growing. It didn't hit a point where user experience was taking a hit, but at some point it will.

I could get a beefier system (more expensive), or I can just sign up for cloudflare. And now the management of that layer is handled by Cloudflare, so I can focus on coding.

Now to talk about the enterprise level: same thing but hundreds of times more. We were actually getting DDoS. We originally didn't want to use Cloudflare, and instead use in-house solutions. But after a hefty trial and seeing our AWS expenses skyrocket, we swapped to Cloudflare.

Signed up, swapped over to Cloudflare, and instant uptake. We are also paying a fraction compared to our in-house solution.

It sounds like a freaking ad for cloudflare.

But one thing I don't like is Cloudflare can easily monopolize the internet. As we all switch, Cloudflare now has a lot of power to tell sites to fuck off if they don't like their content. Cloudflare hasn't yet. They keep up White Power websites and racist shit. But they have taken down calls of violence and online gambling.

If you have your day ruined by Cloudflare, I'm going to either assume you run a bot network, you're trying to do something incorrectly, or you are part of the dark web.

[-] dustyData@lemmy.world 21 points 6 months ago* (last edited 6 months ago)

My day is regularly ruined by Cloudflare, and I don't run a bot net. Because instead of doing their job they decided to declare my entire regional IP block a spam source. Now, no doubt there might have been one bad actor who used one IP in this IP block once. The entire block is for residential IPs though. But we all have to suffer degraded service because Cloudflare can't be bothered, and as a private user of the internet, I have no resource or place to complain. Not even my ISP has recourse because Cloudflare's answer is "we don't care about your clients".

[-] bobs_monkey@lemm.ee 7 points 6 months ago

Yeah it gets sticky like that with VPNs as well. I run an always-on VPN (PIA), and depending on which server I'm connected through, it's either a good day or a bad day. Sometimes switching servers works, others not so much.

[-] Bookmeat@lemmy.world 3 points 6 months ago
[-] dustyData@lemmy.world 6 points 6 months ago* (last edited 6 months ago)

Except that's exactly how it works. Cloudflare keeps a record and rating of all IPs in the world. This rating determines the speed of response from the server and the number of security checks before traffic is let through to the protected server that is being queried. This rating is based on over 40 different surveyors that track and monitor spam mail sources, botnets, ISPs and data centers, and can flag IPs as bad actors. These records are available online.

My ISP rotates IP addresses to clients every so often and after router restarts. One particular block is locked and throttled to hell. Sometimes, certain webpages stop working altogether for me, as if traffic is blocked. Or response speeds get excruciatingly slow. Every time it is because I have been given an IP in that exact IP block; tracing the hops shows that Cloudflare servers are the bottleneck. Checking it on IP trust records confirms they are flagged as bad actors. It's not my ISP nor their infrastructure, as using a VPN instantaneously restores high speeds and response times, and magically a Cloudflare page shows up to check for a human.

I have also checked directly with my ISP and they confirm that there's absolutely nothing wrong on their end; it is Cloudflare servers blocking the traffic to some webpages, nothing they can do about it. They have contacted them and they refuse to provide answers as we are in a country sanctioned by the US, so international commercial relations are hindered with bureaucracy.

The worst part is that I can sort of bypass these problems with a VPN, but non-Cloudflare VPNs are also throttled and trigger anti-bot checks every single time. So there's no win for me. My ISP's solution is to keep rotating IPs at random, hoping clients spend the least amount of time affected by these issues.
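An added illustration, not part of any comment in this thread and not Cloudflare's actual logic: a toy reputation gate of the kind a site operator might put in front of a server, showing why the scope and age of a listing decide whether neighbours on a shared residential block get challenged. The thresholds, the half-life and all sample listings are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

HALF_LIFE_DAYS = 30.0                   # assumed: a listing's weight halves every 30 days
CHALLENGE_AT, BLOCK_AT = 30.0, 70.0     # assumed score thresholds (0 = clean, 100 = worst)

@dataclass(frozen=True)
class Listing:
    network: str      # CIDR the abuse report was attached to
    score: float      # score when the abuse was last reported
    age_days: float   # days since that report

    def current_score(self) -> float:
        # Exponential decay so stale reports stop penalising later tenants of the address.
        return self.score * 0.5 ** (self.age_days / HALF_LIFE_DAYS)

def decide(client_ip, listings):
    """Return (action, matched_network); the most specific matching listing wins."""
    ip = ipaddress.ip_address(client_ip)
    matches = [l for l in listings if ip in ipaddress.ip_network(l.network)]
    if not matches:
        return "allow", "-"
    best = max(matches, key=lambda l: ipaddress.ip_network(l.network).prefixlen)
    score = best.current_score()
    if score >= BLOCK_AT:
        return "block", best.network
    if score >= CHALLENGE_AT:
        return "challenge", best.network
    return "allow", best.network

# Constructed data: RFC 5737 documentation range, one abusive host at .66.
COARSE = [Listing("203.0.113.0/24", 80, 2)]     # whole block listed for one host
SCOPED = [Listing("203.0.113.66/32", 80, 2)]    # only the reported host listed
STALE = [Listing("203.0.113.0/24", 80, 60)]     # same block, report is 60 days old

if __name__ == "__main__":
    for name, table in (("coarse", COARSE), ("scoped", SCOPED), ("stale", STALE)):
        for ip in ("203.0.113.10", "203.0.113.66"):
            print(name, ip, decide(ip, table))
```

With the coarse listing the uninvolved subscriber at .10 is blocked along with the offender; with the host-scoped listing or the decayed one, that subscriber is allowed through.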

[-] BaroqueInMind@lemmy.one 1 points 6 months ago

You got any sources for that word vomit?

[-] dustyData@lemmy.world 3 points 6 months ago

You could just say that you don't know what a reverse proxy is.

https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/

https://en.wikipedia.org/wiki/Reverse_proxy

Cloudflare was born out of Project Honey Pot.

https://www.projecthoneypot.org/about_us.php

https://www.cloudwards.net/what-is-cloudflare/

https://en.wikipedia.org/wiki/Cloudflare

But today UnSpam is far from the only IP blacklist tracer on the Internet.

https://www.whatismyip.com/ip-address-blacklist-check/

https://seon.io/resources/ip-blacklist/

And allowlist and blacklist are part of Cloudflare services.

https://developers.cloudflare.com/waf/tools/ip-access-rules/

As for my personal situation, I have the receipts, but I have no desire to doxx myself today.

[-] quixotic120@lemmy.world 8 points 6 months ago

Cloudflare has absolutely told websites to fuck off because they don’t like their content. They haven’t done it a ton of times but they absolutely have. No one cares because the sites they’ve done it to are toxic cesspool shitholes that, to be fair, the world is probably better off without. But each time it showed that Cloudflare can simply wield its power if it feels like it.

If your site becomes controversial in the future and is protected/hosted by Cloudflare, don’t be surprised if they suddenly send a letter saying “fuck off”. They’ve become arbiters of internet censorship and we have accepted it because the Daily Stormer and Kiwi Farms and 8chan are bad.

The ridiculous part is all of those sites are still accessible; Daily Stormer and Kiwi Farms both still accessible from clearnet (iirc 8chan is Tor only) so Cloudflare dropping wasn’t even all that effective. Well funded hate speech found a way. But for the next ones that don’t have major alt right cash behind them to fund Cloudflare alternatives they’ll just simply disappear. And then we will have the internet where corporations like Cloudflare, who should absolutely be content agnostic, decide what we can and cannot see. You may think it’s fine right now because they’re doing it against websites that are admittedly gross and terrible, but what happens when they overstep and the line blurs?

They should act like a proper tier 1 provider: find evidence of crossing a legal threshold, get a court order, and terminate service if something that bad has occurred. Anything less and they suck it up and honor the contract they signed. They haven’t, so fuck Cloudflare. The internet is an amazing place but it’s also a disgusting abhorrent cesspool. Don’t get involved in hosting it if you can’t deal with that.

[-] AnAmericanPotato@programming.dev 5 points 6 months ago

> If you have your day ruined by Cloudflare, I’m going to either assume you run a bot network, you’re trying to do something incorrectly, or you are part of the dark web.

Or you are unfortunate enough to share a subnet with someone who got on Cloudflare's bad side, in which case there is basically no recourse.

There are a million legitimate reasons to use a VPN, for example, but Cloudflare doesn't care.

[-] Asudox@lemmy.world 2 points 6 months ago

Just a few weeks ago, Primeagen read a blog about how Cloudflare threatened an online casino with taking their sites down if they didn't pay them $120k in a day.

[-] BaroqueInMind@lemmy.one 5 points 6 months ago

If you read about it instead of the headline you would have discovered that the casino was simply trying to take advantage of Cloudflare in a similar fashion they had been doing to people gambling in their own casino, by leveraging the cheap tier Cloudflare provided and slamming the network, which was a detriment to other users with smaller bandwidth needs.

Imagine a slow semi truck hogging a two lane road and getting mad at you for trying to go around him just to go home. Cloudflare said they had six months to pay for a higher bandwidth trunk or they can go fuck themselves. The casino did nothing for six months, so they got to go fuck themselves.

[-] Asudox@lemmy.world 2 points 6 months ago* (last edited 6 months ago)

I wouldn't really defend Cloudflare here. Sure, the tier might have been a bit cheap for a big online casino with high traffic. However, Cloudflare should have set limits in place or warned the casino beforehand and not just surprise businesses with great amounts of built-up "damage" money if the business was causing their network to "struggle". The call they made with the CF sales team about the serious issue wasn't a warning at all. According to the blog, they just asked if the casino considered the enterprise tier. Nothing about their networks struggling is said at all. Additionally, their future calls were misleading and just tricks to get the casino to talk with the sales team. I'm not sure how CF's fooling the casino here can be seen as something reasonable at all.

They shouldn't call it unlimited if they can't handle high amounts of traffic.

this post was submitted on 02 Jun 2024
131 points (100.0% liked)

No Stupid Questions
