Comment by oidar
5 days ago
I wonder what would life without cloudflare look like? What practices would fill the gaps if a company didn't - or wasn't allowed to -- satisfy the the concerns that cloudflare fills.
5 days ago
I wonder what would life without cloudflare look like? What practices would fill the gaps if a company didn't - or wasn't allowed to -- satisfy the the concerns that cloudflare fills.
Pretty much exactly like it does now but with less captchas.
Fun fact: Headless browsers can easily pass cloudflare captchas automatically. They're not actually captchaing - they're just a placebo. You just need to be coming from a residential IP address and using a real browser.
> Pretty much exactly like it does now but with less captchas.
This just isn't true. e.g. I saw a 30x increase in traffic on my forum due to AI bots that I had to use CF to block.
CF is mainly empowered by the naive ideals of the internet's design that never built-in countermeasures against bad actors. You're expected to just deal with it yourself somehow. And that means outsourcing it, especially as residential IP address botnets on unlimited ISP data plans become cheaper and cheaper.
Just ask yourself why web hosting providers themselves can't offer services at CF's level. It's because it's too hard of a problem even for them.
You didn't have to use CF to block them. You chose to use CF to block them. How was your experience with Anubis or https://git.gammaspectra.live/git/go-away?
Or you could simply... serve the requests. If your normal traffic is only, like, 1 request per minute, then 30x that is still pretty low and there's no actual reason to worry about it.
Web hosting providers don't offer bot blockers because first, they have no reason to care, and second, they can serve the requests, and third, some of them want to upsell you on bandwidth (you should prefer the ones with unmetered bandwidth).
BTW AFAIK there's still zero evidence that the massive DDoS wave has anything at all to do with AI. It could be, say, one of Russia's many small avenues of trying to break the West, or Cloudflare trying to get more business, or the NSA trying to make Cloudflare get more business because it's tapped into Cloudflare.
1 reply →