• 0 Posts
  • 7 Comments
Joined 1Y ago
cake
Cake day: Jun 28, 2020

help-circle
rss

That “codeberg” repository reads similar to a 5G conspiracy theorist blog


I’m sure theres a difference between the security setting “Essentially Off” and “Off” (which is reserved for enterprise customers only). It could possibly mean that there are still some ip ranges or ASNs which are still forced to have a captcha displayed to them with the “Essentially Off” setting, but I haven’t encountered any.

Also I may have been mistaken about the Firewall 0.0.0.0/0 setting, it seems that Cloudflare’s “security level” is its own version of Firewall rules that apply even before the customer’s rules. So, for example if I set my site’s security setting to “I’m under attack” then I will be displayed with a javascript challenge even if I have the Allow all from 0.0.0.0/0 firewall rule enabled


Yes, in the Cloudflare dashboard you can either make a Firewall setting to “Allow” access to 0.0.0.0/0 or you can set your security options to “Essentially Off”… or both

I’ve just tried it against my site and haven’t seen a captcha prompt

I believe no one ever bothers to configure these which is why Tor users run into so much trouble with captchas on CF sites


  1. The captcha thing is configurable, it can disabled entirely
  2. Cloudbleed was fixed ages ago
  3. You’ve just cherry-picked an image showing a Cloudflare error, I guarantee you Cloudflare has much higher uptime than the actual host has


2200 does not seem like a DDoS in my opinion, I would expect hundreds of thousands in that case


Wouldn’t it be a good idea to put the whole site behind Cloudflare?