We're excited to announce our support of two independent, open source projects: Ladybird, an ambitious project to build a completely independent browser from the ground up, and Omarchy, an opinionated Arch Linux setup for developers.
Exactly. My employer uses Akamai, which is larger than Cloudflare. Akamai provides the ability to block traffic from Tor, traffic from VPNs, traffic from any countries you desire, and so on. They also provide managed lists of countries listed in things like ITAR so you can easily block them if you want.
Nope. Cloudflare use a complex set of fingerprinting tools that determine security scores. It’s literally social credit system for web user agents and the site admits have little control over that.
While true that there are security scores, the site admins set which score (if any) to block at. So, they do have control over that. Same goes for the bot fight mode as well. So, site admins do have control over whether or not to block based on the associated score, just not over the calculation itself unless configured otherwise.
The control is very limited unless you’re enterprise subscriber and even then CF is super sneaky and doesnt actually report the real world. I had a few clients where they were clearly suffering losses due to cf implementation (you could literally see sales dip when cf is enabled) but they didnt believe me because cf dashboard doesn’t report false positives or anything of that sort and they had no in house analytics to really understand the issue.
It’s literally not limited. If you don’t put a WAF rule based on the score then it doesn’t get blocked based on the score. It’s that easy. I’ve got clients and my own site on Cloudflare, so I know how it works. You don’t even need the pro subscription to do that.
You control the score but not how its calculated. My score is incredibly high just because I’m on Linux with Firefox - how important is that to you as an e-commerse site admin?
For what it’s worth when you set up your site on cloudflare you get to choose how strict you want security to be and what URLs it applies to, or just disable it and use it only as a CDN. Or even disable routing entirely and use it only as your DNS.
It would be nice if they were more clear that enabling some features might block legitimate users though.
Cloudflare PR. Fuck them. Blocking VPNs from accessing websites is very open web of you.
Cloudflare blocks VPNs at the request of whoever is running the server. There are tons of websites running on Cloudflare that work with VPNs.
Exactly. My employer uses Akamai, which is larger than Cloudflare. Akamai provides the ability to block traffic from Tor, traffic from VPNs, traffic from any countries you desire, and so on. They also provide managed lists of countries listed in things like ITAR so you can easily block them if you want.
There are also many Lemmy instances that are intentionally blocking VPNs because they have to to stay afloat.
Nope. Cloudflare use a complex set of fingerprinting tools that determine security scores. It’s literally social credit system for web user agents and the site admits have little control over that.
While true that there are security scores, the site admins set which score (if any) to block at. So, they do have control over that. Same goes for the bot fight mode as well. So, site admins do have control over whether or not to block based on the associated score, just not over the calculation itself unless configured otherwise.
The control is very limited unless you’re enterprise subscriber and even then CF is super sneaky and doesnt actually report the real world. I had a few clients where they were clearly suffering losses due to cf implementation (you could literally see sales dip when cf is enabled) but they didnt believe me because cf dashboard doesn’t report false positives or anything of that sort and they had no in house analytics to really understand the issue.
It’s literally not limited. If you don’t put a WAF rule based on the score then it doesn’t get blocked based on the score. It’s that easy. I’ve got clients and my own site on Cloudflare, so I know how it works. You don’t even need the pro subscription to do that.
You control the score but not how its calculated. My score is incredibly high just because I’m on Linux with Firefox - how important is that to you as an e-commerse site admin?
I said that in my original comment:
If you don’t use the score, it’s not a factor. I don’t use the score at all for my clients. You are not required to use it.
I’m using a VPN with my cloudflare reverse proxies right now. That blocking is configured by the website owners, not Cloudflare.
For what it’s worth when you set up your site on cloudflare you get to choose how strict you want security to be and what URLs it applies to, or just disable it and use it only as a CDN. Or even disable routing entirely and use it only as your DNS.
It would be nice if they were more clear that enabling some features might block legitimate users though.