Comment by karlkloss

9 months ago

Cloudflare's ddos protection constantly locks out non-mainstream browsers, so pot and kettle, and such.

14 comments

karlkloss

Reply
sureglymop  9 months ago

I've had issues with their captchas just not working but not providing that as feedback. Javascript enabled and all.

You can easily reproduce this by using a mainstream browser like Chrome and changing your user agent to e.g. a Firefox one (or the reverse). You'll be hit with captchas everywhere but unlike the cloudflare ones the google ones can at least be resolved.

  • jeroenhd  9 months ago

    A Firefox user agent with a Chrome Javascript engine and a Chrome TLS engine is suspicious. Any decent bot prevention mechanism will trigger on that.

    I don't have issues passing these blocks in Firefox, though.

zarzavat  9 months ago

Not just non-mainstream web browsers but also users in certain less developed countries.

Clearly there’s a balance to be had, but Cloudflare’s shadowbans are just mean.

cgcrob  9 months ago

I get locked out occasionally when travelling outside EU as well. I've got to the point I will just avoid using services with CloudFlare in front of them.

Also the one time I reported abuse which was online banking phishing they just replied that they'd informed the upstream provider and nothing happened.

anilakar  9 months ago

Can confirm. If I click certain links in the Discord Electron client on Windows they work just fine, but in Firefox on Linux I get the DDoS block page, regardless of the internet connection I'm using.

nabla9  9 months ago

It's a service that Cloudflare customers buy for their site.

This is about messing with unrelated parties. Cloudflare is not doing that.

  • karlkloss  9 months ago

    I'm also an unrelated party, it messes with me, Cloudflare is doing it, and I can't opt out.

    • nabla9  9 months ago

      You are related when you try to access a site. It's just customer service issue. You can't demand that sites allow you in.

         you <---> C <---> site


   you <--X--> C <---> site
          |
         Court order

      See the difference.

      1 reply →

tick_tock_tick  9 months ago

I mean isn't that a feature customers have to turn on?

  • anilakar  9 months ago

    Most folks do not realize the consequences. Of those who do, a significant fraction thinks that the only people accessing it are from US mainland and use Chrome on Windows.