That “codeberg” repository reads similar to a 5G conspiracy theorist blog
I’m sure theres a difference between the security setting “Essentially Off” and “Off” (which is reserved for enterprise customers only). It could possibly mean that there are still some ip ranges or ASNs which are still forced to have a captcha displayed to them with the “Essentially Off” setting, but I haven’t encountered any.
Yes, in the Cloudflare dashboard you can either make a Firewall setting to “Allow” access to 0.0.0.0/0 or you can set your security options to “Essentially Off”… or both
I’ve just tried it against my site and haven’t seen a captcha prompt
I believe no one ever bothers to configure these which is why Tor users run into so much trouble with captchas on CF sites
Why is it a horrible idea?
2200 does not seem like a DDoS in my opinion, I would expect hundreds of thousands in that case
Wouldn’t it be a good idea to put the whole site behind Cloudflare?