Yes, the upgrades are included as HTTP requests. You likely are getting non-browser traffic on http

Yes, the upgrades are included as HTTP requests. You likely are getting non-browser traffic on http which is being redirected. HSTS preload should cut down on the amount of browsers which request http, explaining why almost all traffic goes straight to TLS

EErisa Yes, the upgrades are included as HTTP requests. You likely are getting non-brow...

az•2/25/24, 3:28 PM

thanks :)

ErisaOP•2/25/24, 4:07 PM

Yes its new, docs are here https://developers.cloudflare.com/dns/dnssec/multi-signer-dnssec/about/

Cloudflare Docs

About multi-signer DNSSEC · Cloudflare DNS docs

This is a simplified explanation to give you context and clarify what is involved in a multi-signer DNSSEC setup. For technical details refer to RFC …

FF0rce in a cloudflare worker environment when should I use `cache.default` or open whe...

Hello, I’m Allie!•2/25/24, 5:23 PM

Theoretically, if you want to cache something on a URL that otherwise doesn’t exist

HHello, I’m Allie!Theoretically, if you want to cache something on a URL that otherwise doesn’t ex...

F0rce•2/25/24, 5:25 PM

I would like to use the cache to save a result from a query (in my case a roles table) that changes pretty unregularily. Should I instead use kv for that, or can I really use the cache for that

skkkekjf•2/25/24, 5:35 PM

Hello everyone, I have a question, I am sharing my cloudflare service with other friends, as a super administrator it allows me to use cloudflare Images but they ask my friends to pay again, do I have to give them any permission apart from cloud images?

ErisaOP•2/25/24, 6:00 PM

Are you sure they are clicking on the right Cloudflare account on their dashboard? They should have multiple listed

ErisaOP•2/25/24, 6:01 PM

also

ErisaOP•2/25/24, 6:01 PM

?channel-crossposting

Flare•2/25/24, 6:01 PM

Please do not post your question in multiple channels per the rules at #

welcome-and-rules. It creates confusion for people trying to help you and doesn't get your issue or question solved any faster.

EErisa Are you sure they are clicking on the right Cloudflare account on their dashboar...

skkkekjf•2/25/24, 6:12 PM

Yeah, I can use cloudflare images without problems for my API, but when I give Cloud Image permission to my friends they ask them to pay again

AAndy I also don't want them to be able to buy stuff using my money on the domain but ...

Andy•2/25/24, 9:10 PM

Does anyone know this?

EErisa Yes its new, docs are here https://developers.cloudflare.com/dns/dnssec/multi-si...

yev•2/25/24, 9:11 PM

this is really cool and i'm glad its a thing, very important to have this function for when you are migrating zones without disabling dnssec!

Sskkkekjf Hello everyone, I have a question, I am sharing my cloudflare service with other...

yev•2/25/24, 9:11 PM

sounds like that person is confusing accounts and turning things on within his own personal account as well as yours

AAndy Does anyone know this?

yev•2/25/24, 9:13 PM

if you dont want billing access, dont allow super-admin role and instead select all the other roles individuallythat is needed, I'm pretty sure there's an admin role without billing access

Andy•2/25/24, 9:13 PM

ErisaOP•2/25/24, 9:14 PM

Those are domain scoped roles, pick "All domains" above to see account-level roles

Yyev if you dont want billing access, dont allow super-admin role and instead select...

ErisaOP•2/25/24, 9:16 PM

Yeah, "Administrator" is the regular one that doesnt allow billing or member management.
Super Administrator is actually a very dangerous permission because there is no concept of hierarchy so not only can this new member spend money with your linked payment details but they can also boot you out of your own account

yev•2/25/24, 9:16 PM

oh yeah lol, user management

AAndy Click to see attachment

yev•2/25/24, 9:19 PM

domain scoped roles is an enterprise only thing, you can leave those alone and the account roles is either the page before or after that one

Yyev domain scoped roles is an enterprise only thing, you can leave those alone and t...

ErisaOP•2/25/24, 9:22 PM

domain scoped roles is an enterprise only thing

Nope, they are available to everyone

EErisa > domain scoped roles is an enterprise only thing Nope, they are available to ev...

yev•2/25/24, 9:22 PM

oh? i guess that changed since last year

ErisaOP•2/25/24, 9:23 PM

The rollout started late 2022 and completed sometime in 2023

ErisaOP•2/25/24, 9:23 PM

https://blog.cloudflare.com/rbac-for-everyone/ (the blog is not overly clear but this includes domain ones as well)

The Cloudflare Blog

Get the latest news on how products at Cloudflare are built, technologies used, and join the teams helping to build a better Internet.

yev•2/25/24, 9:23 PM

oh fun, thanks!

ErisaOP•2/25/24, 9:24 PM

The only access control features that are Enterprise-only are SSO and the new API Access controls

yev•2/25/24, 9:27 PM

I know SSO was a deciding factor for a few to upgrade to enterprise for sure, API access controls sounds neat too. I just hope most businesses end up following best practices and not give everyone super-admin

fedeb🇦🇷•2/25/24, 10:06 PM

If my tunnel zero trust is down going to the subdomain shows an Error 1033 Argo Tunnel error
How can I make a redirect or something to send to another website until the Tunnel is back again?

Ffedeb🇦🇷If my tunnel zero trust is down going to the subdomain shows an Error 1033 Argo ...

ErisaOP•2/25/24, 10:16 PM

To do it without a Worker you'd need a pro plan because then you can use https://developers.cloudflare.com/rules/custom-error-responses/
which supports ruleset expression matching, within which you can check if cf.response.1xxx_codecf.response.1xxx_code is equal to 10331033
https://developers.cloudflare.com/ruleset-engine/rules-language/fields/#http-response-fields

Note: This field is only available in HTTP response header modifications and custom error responses.

EErisa To do it without a Worker you'd need a pro plan because then you can use <https:...

fedeb🇦🇷•2/25/24, 10:18 PM

mm no pro plan.
so only worker, something like this?
addEventListener('fetch', event => {
event.respondWith(handleRequest(event.request))
})
async function handleRequest(request) {
let response = await fetch(request)
if (response.status === 503) {
return Response.redirect('https://backup.example.com', 302)
}
return response
}

ErisaOP•2/25/24, 10:19 PM

For 1033 it would be 530 instead of 503

ErisaOP•2/25/24, 10:19 PM

But something like that yeah

ErisaOP•2/25/24, 10:20 PM

Just keep in mind 530 also includes a lot of other things here: https://developers.cloudflare.com/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors/#overview

az•2/25/24, 10:31 PM

is there a cloudflare radar for types of dns used ? eg doh vs unencrypted

Ffedeb🇦🇷mm no pro plan. so only worker, something like this? addEventListener('fetch', e...

yev•2/25/24, 11:24 PM

pro plan is so cheap tho, 20 bucks a month is cheaper than many Netflix plans lol

Yyev pro plan is so cheap tho, 20 bucks a month is cheaper than many Netflix plans l...

fedeb🇦🇷•2/25/24, 11:27 PM

anyway worker does't work, it has a limit of 100k request per day and after enabling my test it consumes 200 on 3 miniutes no idew why but is not a solution.
but Custom Error Response can't redirect to another url if tunnel is down, if not reading wrong.
so my problem there is no solution to do.

yev•2/25/24, 11:28 PM

yeah something seems wrong with the setup to eat up that many requests so quickly

Walshy•2/25/24, 11:40 PM

Probably just bots hitting it since it was just setup

real.neu•2/25/24, 11:57 PM

it's funny with tailscale funnels

real.neu•2/25/24, 11:58 PM

i instantly get a shitload of bots hitting random stuff

real.neu•2/25/24, 11:58 PM

vulnerabilities, wordpress stuff, just tons of random requests

real.neu•2/25/24, 11:59 PM

it's probably since the ssl cert gets issues when you first open the tunnel, and some funny script kiddies are scanning the issued ones

Ffedeb🇦🇷anyway worker does't work, it has a limit of 100k request per day and after enab...

Kasumi•2/26/24, 7:32 AM

Reason why I never would use Workers because such limits are the biggest shiq someone can do. Its also saying "Yes we have DDoS Protection, but nobody is able anymore to access the Website because the limit was reached :BL_Shrug:

Kasumi•2/26/24, 7:34 AM

You want to take down a Website? Just get some dudes that are spamming the reload button

KKasumi Reason why I never would use Workers because such limits are the biggest shiq so...

Hello, I’m Allie!•2/26/24, 7:34 AM

I’m not sure I understand? That limit is only on free-plan Workers

Kasumi•2/26/24, 7:35 AM

And on pro there are no limits?

KKasumi And on pro there are no limits?

Hello, I’m Allie!•2/26/24, 7:35 AM

None that you can’t pay your way out of

Hello, I’m Allie!•2/26/24, 7:35 AM

Wait

DepstR•2/26/24, 7:35 AM

Since when were the fields "Service" and "Protocol" removed in the SRV DNS record?

Hello, I’m Allie!•2/26/24, 7:35 AM

Paying for Pro on a Zone doesn’t affect the amount of Workers requests that you can make

Yes, the upgrades are included as HTTP requests. You likely are getting non-browser traffic on http

Similar Threads

Similar Threads

Similar Threads