Please dont make more tickets it just causes more issues for us - I've replied to your ticket, sorry

Please dont make more tickets it just causes more issues for us - I've replied to your ticket, sorry to hear about the delay

Original message was deleted

Kasumi•9/6/23, 12:56 PM

it was cloudflared

Kasumi•9/6/23, 12:56 PM

And we took the first half down by reloading the firewall gx_heh

Kasumi•9/6/23, 12:57 PM

The second half was then taken down by a cloudflared restart that just took too long GammaSweat

Kasumi•9/6/23, 12:58 PM

But as long as Cloudflare Always On exists its an minor outage

Original message was deleted

Kasumi•9/6/23, 12:58 PM

Ah okay

Kasumi•9/6/23, 12:58 PM

I dont have any network connection soon

Kasumi•9/6/23, 12:58 PM

Kasumi•9/6/23, 1:00 PM

Yea

Kasumi•9/6/23, 1:00 PM

Youre not allowed to do one thing....

Kasumi•9/6/23, 1:00 PM

Nerver reload the firewall without stay directly face to face with the server

EErisa Please dont make more tickets it just causes more issues for us - I've replied t...

Advany•9/6/23, 5:05 PM

ok. Got it!

Sstavros-k Yea I agree that not everything can be a worker. But I currently see a need in m...

dave•9/6/23, 5:51 PM

personally, I like using Workers for public facing APIs, and have them call Lambdas if a container is needed. https://github.com/aimoda/cloudflare-worker-to-aws-lambda-function-url-example

dave•9/6/23, 5:58 PM

With

Total TLS

Total TLS

, will I still be rate limited to new 50 certificates per week because Cloudflare uses Let's Encrypt? https://letsencrypt.org/docs/rate-limits/

Rate Limits

Let’s Encrypt provides rate limits to ensure fair usage by as many people as possible. We believe these rate limits are high enough to work for most people by default. We’ve also designed them so renewing a certificate almost never hits a rate limit, and so that large organizations can gradually increase the number of certificates they can issue...

dave•9/6/23, 6:33 PM

Why do I get a

set-cookie: CF_Authorization=blahblah

set-cookie: CF_Authorization=blahblah

in my response header if I'm only using Service Auth?

kian•9/6/23, 6:58 PM

The same JWT is passed to the origin for validation, and the 'client' in this case could throw it in a cookie pot I suppose

Kkian The same JWT is passed to the origin for validation, and the 'client' in this ca...

dave•9/6/23, 6:59 PM

hmm, so could somebody take the JWT, and then use it on a server that doesn't have it's IP whitelisted by Cloudflare?

kian•9/6/23, 7:09 PM

You can take the cookie & remove the

CF-Access-Client-Id

CF-Access-Client-Id

and

CF-Access-Client-Secret

CF-Access-Client-Secret

headers.

Fernando Dilland•9/6/23, 7:17 PM

Does anyone know how to transfer a domain registered in Cloudflare register to another Cloudflare account?

kian•9/6/23, 7:17 PM

You can't

kian•9/6/23, 7:18 PM

You'd have to transfer it out to a different registrar, wait and transfer it to the other account

Ddave hmm, so could somebody take the JWT, and then use it on a server that doesn't ha...

Cyb3r-Jak3•9/6/23, 7:18 PM

Yeah you can stick JWT on requests. Which is why you should always validate JWT

CCyb3r-Jak3 Yeah you can stick JWT on requests. Which is why you should always validate JWT

dave•9/6/23, 7:19 PM

wait, seriously? So having a JWT will bypass all my Access rules?

Ddave wait, seriously? So having a JWT will bypass all my Access rules?

Cyb3r-Jak3•9/6/23, 7:20 PM

Oh sorry misread it. Access rules valid JWTs

CCyb3r-Jak3 Oh sorry misread it. Access rules valid JWTs

dave•9/6/23, 7:27 PM

if the JWT is valid but the IP isn't in my service auth list, it'll still fail right?

Ddave if the JWT is valid but the IP isn't in my service auth list, it'll still fail r...

Cyb3r-Jak3•9/6/23, 7:37 PM

Yeah the full access rule will be evaluated

Chaika•9/6/23, 7:39 PM

There's a table here for things that are checked at login vs checked continuously: https://developers.cloudflare.com/cloudflare-one/policies/access/#selectors

Access policies · Cloudflare Zero Trust docs

Cloudflare Access determines who can reach your application by applying the Access policies you configure.

Chaika•9/6/23, 7:40 PM

don't think there's anything unexpected in that though, basically just the login stuff isn't constantly checked, or external eval, because you would have to go through the flow again

Chaika•9/6/23, 7:42 PM

in the access app settings as well you can enable a "binding cookie" which associates the access token with the current "browser": https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/#binding-cookie

The Binding Cookie associates the browser with the Access token; the association protects against compromised authorization tokens because the origin webapp would never see this binding cookie. This protects against session hijack style attacks.

Kasumi•9/6/23, 9:56 PM

Does cloudflare preload from CF cache and then load small changes or so like blog things or so as soon as the page is loaded?

conqr ᯅ•9/7/23, 12:41 AM

Is the

host

host

parameter on Origin Rules locked behind a specific plan? I'm getting "not entitled to use the Origin Host override" when trying to edit it

kian•9/7/23, 12:41 AM

Yep, Enterprise

conqr ᯅ•9/7/23, 12:43 AM

Is there another way to internally rewrite something like example.com/blogexample.com/blog to another IP / host (like blog.example.comblog.example.com)

kian•9/7/23, 12:44 AM

Workers can (100k reqs per day for free), Snippets will be able to (free, lightweight Workers but not yet available)

Kkian Workers can (100k reqs per day for free), Snippets will be able to (free, lightw...

conqr ᯅ•9/7/23, 12:50 AM

Workers Route right?

CChaika There's a table here for things that are checked at login vs checked continuousl...

dave•9/7/23, 1:37 AM

Thank you, exactly what I was looking for!

justaname•9/7/23, 2:15 AM

I have this really odd question if i got an api setup on something like test.com/api/endpoint can a domain like api.test.com/endpoint point twoards test.com/api/endpoint? is that something thats possible?

Kasumi•9/7/23, 5:08 AM

Could be possible I guess