Comment by shwouchk
1 year ago
cloudflare is primarily a caching proxy. in order to perform any caching, they would have to have the unencrypted objects. check, mate.
It is sad that in this day and age, when you buy a car you need to sign a legal exclaimer that you understand it requires gasoline to run.
Cloudflare's CDN capabilities are separate from DDOS protection and indeed many requests cannot be cached due to the resources being sensitive (i.e. authenticated requests.)
Again, there are many forms of proxies and DDOS protection that do not rely on TLS interception, just as there are cars that do not rely on gasoline. Cloudflare has many less technical home users who use their service to avoid sharing their IP online, avoid DDOS, or access home resources. I do not think the average Internet user is familiar with these concepts. There are many examples of surprised users on subreddits like /r/homelab.
how would they know what to cache? the response headers from the server are encrypted. there is maybe the high end l3 protection available if you have the resources. the free tier has caching bundled.
Also, how would their certificates work if they don’t see content?
> how would they know what to cache?
That's a weird question to ask to someone that went out of their way to describe a non-caching situation.
> Also, how would their certificates work if they don’t see content?
Can you be more specific? I'm not sure which feature you're asking about or how it uses certificates.
But the answer is likely "that feature isn't necessary to provide DDOS protection".
8 replies →