Cloudflare Developers•3y ago

Enterprise only

KarewOP•9/24/23, 4:06 AM

You can do a lot of API shielding with your WAF rules though

KarewOP•9/24/23, 4:07 AM

Rate limits, automatically discarding requests with bad or missing headers, etc

Millionaire Draw•9/24/23, 10:24 AM

Good morning everyone, I would really appreciate some help. I have a worker that is over a year old that uses BUFFER and CRYPTO. When I create a new worker with the exact same code and npm libaries I get errors. Specifically BUFFER does not exist and CRYPTO is not declared. What can I do. I really don't want to mess with my legacy worker in case I break it

Abhinav Saraswat•9/24/23, 11:09 AM

Hi everyone,
I'm facing an issue with the cloudflare CDN. I'm using workers to update the response by adding some headers. But somehow the last-modified value in the response through CDN is coming different from the original response if we access without CDN. Is it due to cloudflare caching?

AAm1nCmd Hello everyone I setup my website security Level to High, then change it to Med...

Isaac McFadyen•9/24/23, 11:56 AM

Do you mean all of your users are seeing that, or you are when accessing other sites?

Kasumi•9/24/23, 3:17 PM

Is there a reason if you use the E-Mail Code for Zero Trust login that you get the email just a few hours ago

Kasumi•9/24/23, 3:22 PM

If someone in my Team tries to login into Web SSH or generally with Cloudflare Zero Trust he dont get any Code from Cloudflare to Autehnticate

Kasumi•9/24/23, 3:22 PM

Anf if just much hours too late. Thats an issue that exists since idk much years. And really needs to get fixed soon

Original message was deleted

Kasumi•9/24/23, 3:39 PM

I cant think when someone disturbs me and sais the whole time that it doesnt work etfc

KKarew Enterprise only

Ricky U•9/24/23, 4:43 PM

I was looking for a way to protect all my cf pages endpoints functions(workers) with pre auth checks on the headers, validatie jsonwebtoken etc.. What are my options using cf? Was hoping cf API sheild would be an option, but only for ent customers..

Frerduro•9/24/23, 4:45 PM

Is this even XSS? a trusted user is being flagged and blocked for XSS and I dont know if I should be disabling this or bypassing them

Original message was deleted

Frerduro•9/24/23, 4:48 PM

there is nothing extra in the json export. Are you saying it could be some of the text they are trying to save be flagging this?

Isaac McFadyen•9/24/23, 4:48 PM

Yup. That's a likely reason. As far as I can see the path and query string look fine.

Isaac McFadyen•9/24/23, 4:48 PM

Assuming that the query string is meant to be the filename they are trying to save.

Frerduro•9/24/23, 4:49 PM

yeah they are just trying to edit a yaml file through pterodactyl

Isaac McFadyen•9/24/23, 4:49 PM

Do you know what they're trying to put in the YAML file?

Frerduro•9/24/23, 4:49 PM

ill ask

Isaac McFadyen•9/24/23, 4:49 PM

That rule looks like it's detecting JavaScript, which shouldn't be present in YAML.

IIsaac McFadyen That rule looks like it's detecting JavaScript, which shouldn't be present in YA...

Frerduro•9/24/23, 4:54 PM

looking at the file now I dont see javascript its just mythicmobs code

Isaac McFadyen•9/24/23, 4:55 PM

Hmm interesting. Possibly a false detection then?

Frerduro•9/24/23, 4:56 PM

I dont want to completly disable XSS detection through

Isaac McFadyen•9/24/23, 4:56 PM

Yeah. If you're on a non-Free plan you might be able to tune the sensitivity of that detection? Or bypass the user manually, but if it happens again that might get tedious.

Frerduro•9/24/23, 4:57 PM

its flagging me when I try to save the file

fmorenoadmin•9/24/23, 4:58 PM

HELP. When I make a POST with JQuery, it gives me the following page as a response:
Please wait while your request is being verified...

Frerduro•9/24/23, 4:58 PM

I can setup a waf skip rule but it will skip ALL managed rules not a specific one

Original message was deleted

Frerduro•9/24/23, 4:58 PM

no it doesn't

Frerduro•9/24/23, 4:59 PM

oh sorry mis read what you said

Original message was deleted

Isaac McFadyen•9/24/23, 4:59 PM

If it was Free it would say "Free Managed Ruleset"

Isaac McFadyen•9/24/23, 4:59 PM

But yeah probably not lul

Frerduro•9/24/23, 5:01 PM

kinda sucks you can't make a skip rule to only skip a specific managed rule

Frerduro•9/24/23, 5:02 PM

yea I can

Bjarn•9/24/23, 8:57 PM

Hey! Is it me or are network and 5xx related issues really common lately? Its happening quite a lot I think, Cloudflare used to be more stable I remember.

re: #cloudflare-status

Bjarn•9/24/23, 9:56 PM

Yup saw it, I notice it mainly because of the performance notifications from monitoring, huge spikes periods of slower averages and they reflect the incidents on the status page indeed

Bjarn•9/24/23, 9:57 PM

And sometimes 520s today, but that’s also part of the ongoing inc indeed

Wakacau•9/25/23, 3:09 AM

hello, anybody know how many days CF trust and safety review abuse report since we clicked request review? i have domain that marked false report as phishing and also affected with our subdomain