The ARC support is intended to improve security by adding a signature verifying the integrity of the

The ARC support is intended to improve security by adding a signature verifying the integrity of the headers that we saw when the mail was submitted to us. It's not intended to help bypass any receiver security measures. I think that the DEFCON researcher is misguided in his interpretation of ARC being some kind of backdoor. It's very much not that.

Sskoogeer The ARC support is intended to improve security by adding a signature verifying ...

zegevlier•8/14/23, 7:43 PM

I think that the DEFCON researcher is misguided in his interpretation of ARC being some kind of backdoor.

That was not the impression I got from reading the slides. I understood it as "This is another thing that MailChannels does that makes it easier for abuse to get delivered", which seems accurate

James•8/14/23, 7:47 PM

Agreed ^. You need to address how you're planning to fix the underlying issues brought up in the entire talk @ttul

archon810•8/14/23, 8:12 PM

Hi,

Now that firewall rules have become custom rules, we can finally specify a custom HTML block response per rule, which is fantastic.

However, a few things could be improved.

There’s no way to quickly customize just the block reason because custom HTML replaces the whole block page. Ideally, there’d be a way to use an existing CF template and just customize the block reason.

To work around that, I pulled HTML from CF’s existing block page and made a few tweaks, including specifying a custom reason. Upon submitting the HTML, I saw that the response limit is a measly 2048 bytes, which isn’t even enough to serve CF’s own block page. I had to cut it down severely. Ideally, the limit would be a bit higher - at least 4096 bytes.

How do we use dynamic fields in responses? I tried using ::RAY_ID:: and ::CLIENT_IP:: per https://developers.cloudflare.com/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/, but they just got output verbatim instead of their dynamic values.

valkyrie_pilot•8/14/23, 9:31 PM

can cloudflare images scan for illegal and other unsavory content at upload?

Dubz•8/14/23, 9:44 PM

Is there a way we can transfer domains from one account to another if it's registered on Cloudflare, without renewing/transferring? I'd imagine that could be an issue being the same registrar, but support may be able to do it?

DDubz Is there a way we can transfer domains from one account to another if it's regis...

Erisa•8/14/23, 9:46 PM

There isn't, I recommend upvoting it here https://community.cloudflare.com/t/feature-request-registrar-transfer-between-cloudflare-accounts/540582

Cloudflare Community

Feature Request: Registrar Transfer between Cloudflare Accounts

Currently, domains registered with Cloudflare Registrar cannot be transferred between Cloudflare accounts. This is a request to add the ability to transfer domains registered in one Cloudflare account to another Cloudflare account This inability to transfer between accounts can be a significant roadblock. A person may have to go through the pro...

Dubz•8/14/23, 9:47 PM

Can it be done with an official transfer request, or does that not work within the same registrar?

Dubz•8/14/23, 10:01 PM

That's wack

Dubz•8/14/23, 10:01 PM

Thanks for the info tho

clerick x•8/15/23, 2:28 AM

CF_PAGES_URL is the preview url for some reason

EErisa Ticket was what I would have recommended so all good

sathoro•8/15/23, 4:55 AM

still waiting on this meanwhile Free Cloudflare zones get 1 rate limiting rule by default which is all we needed D:

Ttaylorswiftfan Are there any resources on how to actually use Cloudflare CDN? The docs have 0 m...

Karew•8/15/23, 5:33 AM

The TLDR is: (1) Make sure the domain/subdomain you’re using has the orange cloud icon in the Cloudflare DNS settings, which means Cloudflare is protecting it (2) Set up Cache Rules to specify rules for files you want to cache, otherwise you get the default CDN behavior

Karew•8/15/23, 5:34 AM

Anything behind Cloudflare is already using the CDN

chientrm.com•8/15/23, 5:51 AM

Screen_Shot_2023-08-15_at_12.51.20_PM.png

Soham•8/15/23, 6:40 AM

https://www.techradar.com/pro/cloudflare-tunnels-are-being-used-to-breach-networks

TechRadar

Cloudflare Tunnels are being used to breach networks

Benign tool is being used to steal data by abusing Cloudflare Tunnels

Soham•8/15/23, 6:52 AM

Is cloudflare aware of this?

SSoham Is cloudflare aware of this?

chientrm.com•8/15/23, 6:57 AM

perfect tool.

chientrm.com•8/15/23, 6:57 AM

May aswell grab the credentials inside ~/.cloudflare and do funny back.

Soham•8/15/23, 7:00 AM

Does the folder even exist if you install cloudflared as a service though?

Soham•8/15/23, 7:01 AM

I thought it was only for if you manually configured the tunnel

SSoham Does the folder even exist if you install cloudflared as a service though?

chientrm.com•8/15/23, 7:02 AM

yep afaik.

SSoham I thought it was only for if you manually configured the tunnel

Hello, I’m Allie!•8/15/23, 8:21 AM

The only time it doesn’t exist is when you run a Dash Tunnel manually

Ssathoro still waiting on this meanwhile Free Cloudflare zones get 1 rate limiting rule b...

Erisa•8/15/23, 8:42 AM

Hey, what's the ticket number? I can take a look for you

EErisa Hey, what's the ticket number? I can take a look for you

sathoro•8/15/23, 8:43 AM

2894026 thank you!

Erisa•8/15/23, 8:44 AM

On it

SSoham https://www.techradar.com/pro/cloudflare-tunnels-are-being-used-to-breach-networ...

Dubz•8/15/23, 8:48 AM

I had the same thoughts about tunnels when it launched, but didn't want to be that guy to give birth to it. Then again, if I thought of it, so would someone else...

Ssathoro 2894026 thank you!

Erisa•8/15/23, 8:52 AM

Added RL and replied, sorry again for the trouble!

Erisa•8/15/23, 8:52 AM

there is an explanation of sorts in the ticket

EErisa Added RL and replied, sorry again for the trouble!

sathoro•8/15/23, 11:39 AM

thanks

SSoham https://www.techradar.com/pro/cloudflare-tunnels-are-being-used-to-breach-networ...

Cyb3r-Jak3•8/15/23, 11:49 AM

I mean it’s the same with any tunnel program like ngrok or even net cat. If a free tool exists it will get abused

Gglendc Would there be a channel here where I can propose some possible contributions to...

Erisa•8/15/23, 4:06 PM

The Issues on that repo would be the most appropriate place

Dubz•8/15/23, 9:22 PM

Is it possible to block cloudflared from being used as a service but not as a client? WARP is not an option in my circumstances but curious if the service/client side of cloudflared use different hostnames and/or ports

Erisa•8/15/23, 9:38 PM

Sure, just do the opposite of these https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/install-and-setup/ports-and-ips/

Tunnel with firewall · Cloudflare Zero Trust docs

Users can implement a positive security model with Cloudflare Tunnel by restricting traffic originating from cloudflared. The parameters below can be …

!_r3c4•8/15/23, 9:38 PM

EErisa Sure, just do the opposite of these https://developers.cloudflare.com/cloudflare...

Dubz•8/16/23, 4:15 AM

I'm kinda confused on what part of the connection that's referring to.

divby0•8/16/23, 9:15 AM

When I want to register a low-price domain, is there a way to see a list of domain extensions with their prices or even sort by price then? Not specifically for my domain, just the extensions would be helpful already, currently the list of supported extensions is listed without price or anything else, just the bare "com" or "org" part

divby0•8/16/23, 9:17 AM

I saw for example that .work.work is $6.18 but currently it's really really difficult to explore low price extensions

kian•8/16/23, 9:52 AM

https://github.com/Cloudflare-Mining/Cloudflare-Datamining/blob/main/data/registrar/README.md

GitHub

Cloudflare-Datamining/data/registrar/README.md at main · Cloudflare...

Public datamining for all things Cloudflare. Contribute to Cloudflare-Mining/Cloudflare-Datamining development by creating an account on GitHub.

kian•8/16/23, 10:08 AM

kian•8/16/23, 10:08 AM

Seems like these are the cheapest ones

Erisa•8/16/23, 10:16 AM

party is a great tld

Kkian Click to see attachment

divby0•8/16/23, 10:40 AM

that list looks nice! I got the _list.json and going to sort it to see all of them, thank you kian

The ARC support is intended to improve security by adding a signature verifying the integrity of the

Similar Threads

Similar Threads

Similar Threads