So if that is a hard requirement, then might want to look somewhere else, at least for that

HHello, I’m Allie!So if that is a hard requirement, then might want to look somewhere else, at lea...

NothingBad•7/5/23, 5:31 AM

DDos protection and layer4 balance(with anycast ip) is the hard requirement, but I feel it doesn't worth pay 3000$ just for use the service

NNothingBad I'm building a Saas app that use Spectrum(tcp), worker for platform. These requi...

jb•7/5/23, 5:32 AM

there is no such thing as "just spectrum" (for better or worse). it's a part of an offering that requires a bunch of other products/services to work as well.

jb•7/5/23, 5:32 AM

the model isn't great for one off usage, as you've found here, but there are alot of other factors that come into play with it.

NNothingBad DDos protection and layer4 balance(with anycast ip) is the hard requirement, but...

Hello, I’m Allie!OP•7/5/23, 5:36 AM

I'm wondering, would it be possible for you to do it at the DC level? As an example, Hetzner has pretty good DDoS protection, and they provide load balancers which are substantially cheaper.

HHello, I’m Allie!I'm wondering, would it be possible for you to do it at the DC level? As an exam...

NothingBad•7/5/23, 5:42 AM

well... cloudflare have the advantage of larget networks(the saas app is latency sensitive). The spectrum price is ok for me, the pain is enterprise only

lokiwind•7/5/23, 7:03 AM

Hello, I have 10+ domains on openprovider and I want to add these domains to my cloudflare account, but the openprovider administration panel is very complicated. How do I change NS information

lokiwind•7/5/23, 7:05 AM

lokiwind•7/5/23, 7:07 AM

when I click on the open dns zone button this page opens but I cannot edit the ns information, I can only add new dns records

lokiwind•7/5/23, 7:07 AM

lokiwind•7/5/23, 7:09 AM

I wonder if I will do cloudflare ns redirection from here?

Llokiwind I wonder if I will do cloudflare ns redirection from here?

aaaaaaaaaaaaaaaaa•7/5/23, 9:36 AM

That looks like the location you might add Cloudflare’s nameservers. Some providers make you add NS records to your DNS then delete the other ones.

Tristan•7/5/23, 10:45 AM

Hey, when is the Carbon report is going to be available for 2022 ? we're mid 2023

Aaaaaaaaaaaaaaaaaa Pre-warning Microsoft are merging Azure AD B2C with another product at the momen...

Old Man Maker•7/5/23, 11:46 AM

All a bit of a mess over there.... Cheers @Josh

Ddave figured it out by brute force, you need the transform permission too at the zone...

digitalpoint•7/5/23, 3:30 PM

There's a lot of weird stuff with the API permissions. Like managing the Crawl Hints setting requires

Zone.Zone Settings: Read

Zone.Zone Settings: Read

to read it, but then a completely different permission to write...

Zone.Zone: Edit

Zone.Zone: Edit

. Not even sure what

Zone.Zone

Zone.Zone

means considering there's already a different

Zone.Zone Settings

Zone.Zone Settings

permission.

To make it more fun, the API docs don't tell you what permission is required for calls, authentication errors don't tell you which permission is needed either. Figuring out the right permission scope for a token is sometimes a trial and error process that takes longer than making the underlying code to do whatever you are trying to do.

Token permissions are not Cloudflare's strongpoint.

dave•7/5/23, 4:12 PM

How can I find out which Worker triggered a edgeWorkerFetch?

dave•7/5/23, 4:13 PM

  "WorkerCPUTime": 0,
  "WorkerStatus": "unknown",
  "WorkerSubrequest": true,
  "WorkerSubrequestCount": 0,
  "WorkerWallTimeUs": 0,

  "WorkerCPUTime": 0,
  "WorkerStatus": "unknown",
  "WorkerSubrequest": true,
  "WorkerSubrequestCount": 0,
  "WorkerWallTimeUs": 0,

Erisa•7/5/23, 4:25 PM

Good question

Erisa•7/5/23, 4:25 PM

I know theres

ParentRayID

ParentRayID

which points you to the request that triggered it

Erisa•7/5/23, 4:25 PM

But not seeing one to get the worker name https://developers.cloudflare.com/logs/reference/log-fields/zone/http_requests/

EErisa I know theres `ParentRayID` which points you to the request that triggered it

dave•7/5/23, 4:36 PM

ahhhh thank you, confusingly ParentRayID ends and starts with the exact same characters, with only four in the middle that differ. I thought they were the same at first.

Erisa•7/5/23, 4:36 PM

I've been there when working tickets, you have to look closely with Ray IDs

EErisa 😁 I've been there when working tickets, you have to look closely with Ray IDs

dave•7/5/23, 4:40 PM

can I filter by ray id here? (I know we've been over this before, my bad, I forgot.

)

Erisa•7/5/23, 4:40 PM

You can't, its sampled

Erisa•7/5/23, 4:40 PM

Only in Security > Events and logpush/logpull/etc.

dave•7/5/23, 4:47 PM

Ah right, so I should be seeing it in logpush..

dave•7/5/23, 4:47 PM

Is it possible for a

ParentRayID

ParentRayID

to come from a different Cloudflare account?

EErisa There is one but it only allows sending to pre-approved addresses <https://devel...

dave•7/5/23, 4:56 PM

Can you pre-approve an entire domain? (Pretty sure no, but sanity checking.)

Erisa•7/5/23, 4:57 PM

You cannot

Ddave Is it possible for a `ParentRayID` to come from a different Cloudflare account?

Erisa•7/5/23, 4:57 PM

I've never checked that, so cant tell you for sure immediately - I would guess not though

Caeden•7/5/23, 4:57 PM

Hi all! sorry to disturb does anyone know how to add a subdomain to a page like mydomain.co.za/jobs.html to jobs.mydomain.co.za? Its hosted on my webserver

EErisa I've never checked that, so cant tell you for sure immediately - I would guess n...

dave•7/5/23, 4:59 PM

hmm, I'm looking at one of my http logpush files and I don't see the parent ray ID in the same file as the ray ID itself.

Chaika•7/5/23, 5:03 PM

you could use a custom field for the cf-worker request header I believe as well, would work for worker requests from other accounts, although that would only give you zone

CChaika you could use a custom field for the cf-worker request header I believe as well,...

dave•7/5/23, 5:47 PM

yeah, I had that on already, sadly nothing showed up for it.

dave•7/5/23, 5:47 PM

  "RequestHeaders": {
    "sec-fetch-dest": "iframe",
    "sec-fetch-mode": "navigate",
    "sec-fetch-site": "cross-site"
  },

  "RequestHeaders": {
    "sec-fetch-dest": "iframe",
    "sec-fetch-mode": "navigate",
    "sec-fetch-site": "cross-site"
  },

Chaika•7/5/23, 5:50 PM

ah rip, I've noticed logpush is a bit weird as to where it runs in the flow. Adding request headers via transform rules doesn't allow them to be included as custom fields, only as response headers.

CChaika ah rip, I've noticed logpush is a bit weird as to where it runs in the flow. Add...

dave•7/5/23, 5:51 PM

ooo I think you're onto something with the transform rules

Chaika•7/5/23, 5:53 PM

doesn't look like cf.worker.upstream_zone is usable in transform rules

dave•7/5/23, 5:54 PM

dang it

dave•7/5/23, 8:48 PM

2023-07-05T20:48:10Z ERR failed to connect to origin error="websocket: bad handshake" originURL=https://asdf.example.com

2023-07-05T20:48:10Z ERR failed to connect to origin error="websocket: bad handshake" originURL=https://asdf.example.com

Is this because of a mismatch of cloudflared versions or something?

dave•7/5/23, 8:49 PM

dave@mbp odd % cloudflared --version
cloudflared version 2023.6.1 (built 2023-06-20T08:24:26Z)

dave@mbp odd % cloudflared --version
cloudflared version 2023.6.1 (built 2023-06-20T08:24:26Z)

Remote server is running 2023.3.1.

Ddave ``` dave@mbp odd % cloudflared --version cloudflared version 2023.6.1 (built 202...

Cyb3r-Jak3•7/5/23, 8:52 PM

That can happen for many reasons. Such as having web sockets disabled or binding cookie for the access policy

CCyb3r-Jak3 That can happen for many reasons. Such as having web sockets disabled or binding...

dave•7/5/23, 8:58 PM

any way to troubleshoot where the failure is?

Ddave any way to troubleshoot where the failure is?

Cyb3r-Jak3•7/5/23, 9:02 PM

Check that websockets are enabled and you have binding cookie off. Unfortunately there isn’t a good way to get logs from cloudflared for this, at least that I’ve found

CCyb3r-Jak3 Check that websockets are enabled and you have binding cookie off. Unfortunately...

dave•7/5/23, 9:03 PM

where are those options?

dave•7/5/23, 9:03 PM

this is for ssh for context

dave•7/5/23, 9:04 PM

ah fudge I see this is my fault

dave•7/5/23, 9:06 PM

yeah

dave•7/5/23, 9:06 PM

so a redirect rule broke it

dave•7/5/23, 9:18 PM

Why do redirect rules apply to tcp/ssh tunnels?

Ddave Why do redirect rules apply to tcp/ssh tunnels? 😅

Cyb3r-Jak3•7/5/23, 9:20 PM

If I remember correctly it’s because tunnels aren’t really TCP unless you use private networking. They are just TCP over websocket

So if that is a hard requirement, then might want to look somewhere else, at least for that

Similar Threads

Similar Threads

Similar Threads