>>107189166 (OP)
https://xn--gckvb8fzb.com/thoughts-on-cloudflare/

kikeflare as imperva - JEWISH shit

>fuck cloudflare.
indeed

you need a webm that truly conveys how annoying the check you are human shit is. make something viral.

File: glowflare.png (467 KB, 933x978)

467 KB PNG

>>107189166 (OP)
>how did anyone think that letting some corporation eavesdrop on 20% of web traffic was ever a good idea
That was the whole purpose behind Cloudflare. Everything they offer exists in pursuit of that goal.

>>107189646
actualy making it a meme may be a good idea.
if you can make it viral and short them that'd be fun too.

>>107189166 (OP)
Then which one can hide my server IP? I don't want anon to mass-report my server just because I'm hosting some kind of hentai archives.

>>107189166 (OP)
>i decided to expose my new employers server to the internet instead of putting it behind a WAF like i was supposed to

>>107189885
nice try glowie, also you can use a waf without cloudflare.

and also, i wrote the application i exposed through a domain name, i can handle its security myself.

i was not "supposed" to put it behind cloudflare, i was only supposed to ship something and make a dns record for it, they don't even understand what cloudflare or dns means, and i effectively have the position of cto, i make the calls.

and yea, fuck cloudflare, there are better options and ways to protect your application anyway.

and anyway, i doubt anyone would try to ddos a dashboard for a mid sized company, regarding security, good luck hacking it too with the way i wrote it.

>>107189906
You barely know how to write english, I wouldn't trust you with code either

>>107189166 (OP)
So much hatred for a service that just wants you to have a pleasant and safe time on the internet. You all should be ashamed of yourselves.

>>107189926
i'm french, not english, what do you expect.

anyway, the backend is rust, auth is made using http only https only jwt, there is also some session blacklisting logic.

the server exposing the backend only has those ports allowed in the firewall.
the server running the database is not exposed to the internet and only available through the vpc.

and the site files are staticly generated, no ssr.

if i assume that the libraries i'm using ie axum are not vulnerable then my application is rather safe, especialy for the threat model and things exposed.

there is also temporary ip ban on repeated failed login attempts.

i also won hacking competitions in the past so i do know about security thank you.

you just sound like some cloudflare glowie shill.

>>107189932
> that just wants you to have a pleasant and safe time on the internet

not only is there service unpleasant when you have to check their shitty captcha, they don't make it any safer, in fact the opposite as they effectively break encryption.

you are just some cloudflare paid shill.

>>107189967
statically*

>>107189166 (OP)
>Free hosting
>Can publish my shit through CF tunnels
>Setup permissions, limits and other rules
>Integration with self hosted gitlab for deployments
I have been using CF for years and I haven't spent a single cent on it, what is there to hate?

File: ssl added and removed here.jpg (1.49 MB, 3000x2250)

1.49 MB JPG

>>107189166 (OP)
NSA hate thread?

>>107189885
you can run your own WAF instead of exposing your employer servers directly to the internet

>>107189926
and you can't configure your own fucking WAF or argue

>>107190029
if it's free you are the product yada yada.

>>107189932
kys retard

>>107189854
>fill out cloudflare abuse form
>cloudflare automatically answers, tell me that they forwarded it to your host and tell me who your host is
>write to your host about your hentai archive
it is this easy

>>107189166 (OP)
>what a peak glowie companie.
Wait until you find out about Akamai Technologies.

>>107191939
>it is this easy

Is it? is it really? That explains the sheer number of scams and other shady shit still platformed after multiple independant reports...

>>107189166 (OP)
>sometime later i learnt that they are themselves running ddos to make their "service" more attractive
there is no evidence of this. its just something a few /g/ schizos parrot
>they must be decrypting traffic inbetween your server and the client then reencrypting it
thats how WAFs work. might as well cry that email involves storing your messages on someone else's server
>you can set up your own
ok then do that instead of schizo crying about WAF functionality provided to you by someone else. like those email self host schizos

>>107192045
Just like evidence is thin on the ground that early AV was responsible for a decent chunk of malware...

>>107192045
>Thats how WAFs work.
By design. I can move traffic through nodes without tampering with certificates or triggering errors...

> like those email self host schizos
/me bows.
But in all seriousness, I know my emails isn't being used to train some random AI. I know the user data isn't being sold to third parties. I don't have to take someone's word for it. I *know*.

>>107191967
please tell me.
how are they more glowie than any other vps provider ?

>>107192045
> this is how a WAF works
no, not if you run it localy, you can run your own waf and ecrypt the traffic with your key after the waf.

> ok then do that instead
yea, that's what i'm doing.
doesn't change the fact that cloudflare is glowie kikeware.

>>107192166
What? Akamai?

Do most other VPN providers sniff over 80% of global intelliwebs traffic via backbone interceps literally everywhere but North Korea, and recently, China?

File: 1762038280281491.jpg (454 KB, 1256x1094)

454 KB JPG

>>107189166 (OP)
>sometime later i learnt that they are themselves running ddos to make their "service" more attractive, which yea, fuck you.
excuse me?

they're basically running a protection racket?
i'd believe it, but i want to know more

>inb4 thread dies
:/

>>107192193
any evidence for that claim ?

they don't have more access than any other vps providers.

>>107192231
Before there was botnets of IoT allowed to roam free... Drum up a little business, make themselves relevant...

Sorta the same way the CIA made America safer by installing the cartels then losing all control over them. But digital.

>>107192247
You really do your research, huh?

You should be ashamed of how you require to be spoonfed that the founding CEO was ex-moussad, with heavy ties to alphabet soups - who just happened to be funding the deployment on 'lawful intercept' technology at the backbone level.

You should kill yourself for not finding their blog post where they boast about the scale of their interceptions.

And even with providing a clue, you couldn't be bothered to find out precisely why they was kicked out of operating in china...

>>107192266
well thank you for the info, didn't know, if you got a link that's better, otherwise i'll find it myself.

anyway, i didn't care much about linode, you mentioned it.

i don't believe any vps provider can realy be trusted anyway.

they are only useful as an outproxy if you don't have the ability to open your ipv4 ports with your isp, anything sensitive i'd host on my own machine.

>>107192298
I don't recall mentioning linode... Can't confess looking too heavy into them, but they host a lot of criminal activity... Consistently. Just like cloudflare. Unlike cloudflare they pretend to do something about it - but then sell the same criminal more services to do the same thing profiting from the whack-a-mole. Or that's the worst I've seen.

But as a rule of thumb, you probably can't trust a VPN provider. At a certain saturation point it becomes a juicy target.

>>107189166 (OP)
I refuse to use them because you can't even forward the visitor IP address to your logs. You have to pay them to do that.
Also, what do you think of their captcha? Does that collect any data?

>>107193651
>Does that collect any data?
It collects any and all data it can, which is quite a lot

>>107189967
>i also won hacking competitions in the past so i do know about security thank you.
lolling at this

>/pol/schizo takes a shit in the catalog
>everything written is factually incorrect

>>107194406
A captcha though? At least it's not connected to any page. I'm assuming it only grabs the login page ans IP address. I don't think it grabs POST data. I'd be surprised if they can hook that out from the reverse proxy. Like, fingerprintwise, yea it's fucked. I guess looking for another captcha might be good meanwhile, but how would you think they'd be grabbing POST data if even possible?

>>107189166 (OP)
nah i sold my soul to cloudflare

>>107195991
i sold my cloud to soulflare

Soon you will need to be cloudflare verified to even connect to the internet, with id registered at birth for gen beta.

>>107195743
nigga they have access to every single fucking byte that you send them

>>107196579
1.21 niggabytes

>>107195743
ty anon

i hate all these retards, including myself
i appreciate the 1 in 10 effortposts on this board

File: 1762410586954728.gif (3.71 MB, 1010x1200)

3.71 MB GIF

My websites are using my custom load balancer solution and no problems whatsoever. I don't know why every retard thinks cloudflare is a must. Or should I say kikeflare.

>>107196705
your website is not significant enough to be targeted, this is like bragging you made your singular bedroom door lock the strongest in the world. who gives a fuck. once its actually attacked it will disintegrate

>>107196721
>your website is not significant enough to be targeted, this is like bragging you made your singular bedroom door lock the strongest in the world. who gives a fuck.
in the past that'd be true, but i think aggressive scraping operations have scaled up exponentially in the past 5-10 years

>>107196721
Lmao, I have thousands of users.

File: 1748216041272296.jpg (90 KB, 974x1162)

90 KB JPG

literally anything organic has to be sucked up & burned/mulched to be re-sold in a worse form by some AI faggot
etc...

>>107189166 (OP)
>i learnt that they are themselves running ddos to make their "service" more attractive
Where exactly did you "learn" this?

File: 2025-11-10-081104_377x342(...).png (83 KB, 377x342)

83 KB PNG

>>107196749
MY SOURCE IS I MADE IT THE FUCK UP

How to solve the Cloudflare problem? The trainees at Anubis tried something similar, but it's simply not practical for companies, besides not really working, since most modern bots use Javascript, passing the proof-of-work isn't really a problem for modern scrapers.
The issue is that creating a service similar to Cloudflare runs into a lot of legal bullshit, problems with European and American legislation that make the service almost unfeasible. Obviously, Cloudflare doesn't follow these laws; there's no doubt that this company glows in the dark. But what can we do about it?

I know that the DDoS problem is something almost impossible to solve without having a technological and legal apparatus (without having friends in the government).

>>107197348
>the DDoS problem
is it really that big of a problem?

>>107197486
Yes, and that's precisely why Cloudflare is attacking websites with their own DDoS infra.
Have you ever tried to have a website without Cloudflare before?

File: 1754487444334841.jpg (224 KB, 1097x1362)

224 KB JPG

>>107189166 (OP)
bots and scrapers strike real fucking hard even with cloudflare it's insane
i had to put mine under cloudflare AND turnstile stealth
you'll never know until you have a website that gets 30k unique visitors a day... everyone wants to try and probe your API, if not for my security autism i probably would've had massive bandwidth costs

I know how scrapers work because I am too

File: 1734104518535780 043 - JakyghM.jpg (120 KB, 392x445)

120 KB JPG

>>107197655
>I know how scrapers work because I am too
you're scraping as well?

>>107197715
it takes one to know one

>>107197915
i see.....

>>107190029
Can you explain your workflow? Whats a cf tunnel

>>107198168
Not him but:
Cf tunnel = cloud flare tunnel. You know how you would pay for a VPS to host your site on because exposing your home IP address is not a smart idea? Cloudflare tunnels basically proxy straight to your home server without you having to expose any ports on your home machine. It is effectively wireguard by cloudflare. This sort of service is particularly useful when your ISP is faggoty about self-hosting. Do note, these tunnels are TCP only afaik and thus not suitable for video game servers which usually require UDP ports.

>>107192333
well the company behind linode is akamai, linode is probably their most popular service.

> you can't trust a VPN provider
yup, we can agree on that, i still use them but i don't trust them and i only use them for things i don't need to trust them.

>>107195423
i one one competition of the DGSE which is france equivalent of NSA this allowed me to get into some pretty high ranked and confidential cybersec positions, but i later decided that i rather do software engineering because it was too much paperwork.

>>107195743
to be able to show the captcha the way they do it they need to be able to decrypt data in transit.

they literaly decrypt from your cert, replace the stuff with ie captcha page and encrypt again before it gets to the client.

>>107197655
that's why you use a waf, you can host your own you know.

>>107199465
i mean you can always do meme udp over tcp but yea that's not great.

>>107193651
log the IP address with nginx...?

>>107200475
won't work, they change the origin ip address, you'd just keep logging cloudflare's ip, basicaly they want you to pay to ad the x referer ip header thingy.

>>107200475
>>107200523
X-Forwarded-For header
is the name of the header.

you actualy often have to set it up in nginx when you are using it as a proxy pass for your backend.

>>107200523
you absolute rookie

>>107200669
it's not a rookie thing, cloudflare will literaly strip out the address.

i mean sure you could come with some backwards ways to still get it, but you can't just use the origin ip address like you'd usualy do because you'll get cloudflare's.

>>107200716
I host a site you've probably visited and I use the method cf instructs users on how to get the clients ip.

dunning kruger anon, level up and read the docs

it's the a backwards way, it's THE way. How do you expect to have a middle man protecting you without some compromise to your effort expenditure.

have you considered trying? swallow your pride and read the docs

>>107199853
can you larp less

>>107200782
i'm not the same guy than the guy saying you had to pay for it, so i took his word for it and just assumed it was something they did.

honestly idgaf, i don't use cloudflare, nor will ever use it, and i'm not a webshitter anyway.

i mostly do system programming and some backend stuff, if i ever have to do frontend webshit i try to meme vibecode as much as i can of it.

> swallow your pride and read the docs

i'm not gonna read the docs for a service i don't even want to use and despise to the core of my being.

> How do you expect to have a middle man protecting you without some compromise to your effort expenditure.

a proxy can literaly use the X-Forwarded-For and X-Real-Ip header to give the original user's ip, there should be no effort whatsoever involved, we do it all the time with nginx.

nginx can also just set header host with $host.

anyway, it should not be anything more than toggling an option on, there should be NO effort on your part to get the ip of the origincal client.

>>107200818
> i have no notable achievements therefore no one else has.

>>107200891
why are you posting on /g/ about this if it's true

>>107200900
i'd not have unprompted, but if you are gonna doubt my qualifications just because i don't speak english well (especialy since i was sleep deprived yesterday).

well the best i can do is give some personal history.

i guess i could share some code too but you could make the claim it's not mine, fundamentaly 4chan is a semi anonymous board and i rather not share my identity on this thread.

>>107200927
im just wondering like, why do you need to reaffirm yourself? can't you just be like "okay well it's 4chan they're retarded i don't need to prove myself to them" and be done with it? come on pal

>>107200900
also 90% of the time i spend on /g/ is on /lmg/ to get news about ai papers new hardware and whatnot, i sometime sideline to some other threads like this one but this isn't my main use of g.

>>107200933
fair enough, you know, i have autism and ocd, so, i get obsessive about shit that don't matter and sometime realise it after the fact and get out of the loop.

i think i put too much more mental energy in this discussion than it's worth anyway.

but yea i do have an argumentative and obsessive personality, i tried avoiding getting caught in fished into dumb arguments but sometime i still do, so that's why.

>>107200949
i think i put much more*
i try avoiding*

>>107200949
fair enough bro

>>107200967
no ill feeling man, godspeed.

still, i don't like cloudflare and it glows from miles away.

i'm presonally not gonna use it and i don't think it is a good thing that so much of the web is.

>>107200887
your country needs a war and a famine to curb your hubris

>>107201387
you sound jewish

>>107189166 (OP)
they are a shit company but when your upload is 1MB that cache is kino and in some cases the only way to keep a tiny webserver alive in the sea of bots.

>>107201460
you sound like a little skiddie who can't even program websites

>>107201559
As if "programming" websites is something we should all aspire to.

>>107201559
he thinks making website is "programming"
> ngmi
shut the fuck up fucking webshitter talk back to me when you actualy touch a real programming language.

or don't, i don't talk to jeets.

>>107201587
your hobby programming in C is never gonna make money little skiddie troon

>>107201790
I was a senior swe in a 5B company with only 10 devs.
I'm now cto of a 100M company, stfu

>>107201822
I was the only 10x engineer at Apple in my whole department (MacOS Kernel research) and the only 50x engineer at Nvidia headquarters in Santa Clara. Jensen Huang was my secretary and bought me coffees. I made Preview, Safari, and CUDA, but I bet you never heard of those amazing technologies since your probably rewriting your botched C hash table implementation for the umpteenth time. Oh ya, I'm getting 20M dollar salaries from Tesla and Meta every day now and Jensen Huang still sends me coffee even though I politely decline because I am a gentleman and a 20000x engineers.

>>107189166 (OP)
Cloudflare saved the internet from bots and pedophiles. You must be a pedo.

>>107201853
You may not believe me and i don't care because i know what i said is true.
Piss off now.
You have nothing real to show for.

>>107201853
kek
>>107201866
brown