- Cloudflare Developers

Cloudflare Developers•2y ago

Andy

Erisa•2/25/24, 9:14 PM

Those are domain scoped roles, pick "All domains" above to see account-level roles

Yyev if you dont want billing access, dont allow super-admin role and instead select...

Erisa•2/25/24, 9:16 PM

Yeah, "Administrator" is the regular one that doesnt allow billing or member management.
Super Administrator is actually a very dangerous permission because there is no concept of hierarchy so not only can this new member spend money with your linked payment details but they can also boot you out of your own account

yev•2/25/24, 9:16 PM

oh yeah lol, user management

AAndy Click to see attachment

yev•2/25/24, 9:19 PM

domain scoped roles is an enterprise only thing, you can leave those alone and the account roles is either the page before or after that one

Yyev domain scoped roles is an enterprise only thing, you can leave those alone and t...

Erisa•2/25/24, 9:22 PM

domain scoped roles is an enterprise only thing

Nope, they are available to everyone

EErisa > domain scoped roles is an enterprise only thing Nope, they are available to ev...

yev•2/25/24, 9:22 PM

oh? i guess that changed since last year

Erisa•2/25/24, 9:23 PM

The rollout started late 2022 and completed sometime in 2023

Erisa•2/25/24, 9:23 PM

https://blog.cloudflare.com/rbac-for-everyone/ (the blog is not overly clear but this includes domain ones as well)

The Cloudflare Blog

Get the latest news on how products at Cloudflare are built, technologies used, and join the teams helping to build a better Internet.

yev•2/25/24, 9:23 PM

oh fun, thanks!

Erisa•2/25/24, 9:24 PM

The only access control features that are Enterprise-only are SSO and the new API Access controls

yev•2/25/24, 9:27 PM

I know SSO was a deciding factor for a few to upgrade to enterprise for sure, API access controls sounds neat too. I just hope most businesses end up following best practices and not give everyone super-admin

fedeb🇦🇷•2/25/24, 10:06 PM

If my tunnel zero trust is down going to the subdomain shows an Error 1033 Argo Tunnel error
How can I make a redirect or something to send to another website until the Tunnel is back again?

Ffedeb🇦🇷If my tunnel zero trust is down going to the subdomain shows an Error 1033 Argo ...

Erisa•2/25/24, 10:16 PM

To do it without a Worker you'd need a pro plan because then you can use https://developers.cloudflare.com/rules/custom-error-responses/
which supports ruleset expression matching, within which you can check if

cf.response.1xxx_code

cf.response.1xxx_code

is equal to

https://developers.cloudflare.com/ruleset-engine/rules-language/fields/#http-response-fields

Note: This field is only available in HTTP response header modifications and custom error responses.

EErisa To do it without a Worker you'd need a pro plan because then you can use <https:...

fedeb🇦🇷•2/25/24, 10:18 PM

mm no pro plan.
so only worker, something like this?
addEventListener('fetch', event => {
event.respondWith(handleRequest(event.request))
})
async function handleRequest(request) {
let response = await fetch(request)
if (response.status === 503) {
return Response.redirect('https://backup.example.com', 302)
}
return response
}

Erisa•2/25/24, 10:19 PM

For 1033 it would be 530 instead of 503

Erisa•2/25/24, 10:19 PM

But something like that yeah

Erisa•2/25/24, 10:20 PM

Just keep in mind 530 also includes a lot of other things here: https://developers.cloudflare.com/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors/#overview

az•2/25/24, 10:31 PM

is there a cloudflare radar for types of dns used ? eg doh vs unencrypted

Ffedeb🇦🇷mm no pro plan. so only worker, something like this? addEventListener('fetch', e...

yev•2/25/24, 11:24 PM

pro plan is so cheap tho, 20 bucks a month is cheaper than many Netflix plans lol

Yyev pro plan is so cheap tho, 20 bucks a month is cheaper than many Netflix plans l...

fedeb🇦🇷•2/25/24, 11:27 PM

anyway worker does't work, it has a limit of 100k request per day and after enabling my test it consumes 200 on 3 miniutes no idew why but is not a solution.
but Custom Error Response can't redirect to another url if tunnel is down, if not reading wrong.
so my problem there is no solution to do.

yev•2/25/24, 11:28 PM

yeah something seems wrong with the setup to eat up that many requests so quickly

Walshy•2/25/24, 11:40 PM

Probably just bots hitting it since it was just setup

real.neu•2/25/24, 11:57 PM

it's funny with tailscale funnels

real.neu•2/25/24, 11:58 PM

i instantly get a shitload of bots hitting random stuff

real.neu•2/25/24, 11:58 PM

vulnerabilities, wordpress stuff, just tons of random requests

real.neu•2/25/24, 11:59 PM

it's probably since the ssl cert gets issues when you first open the tunnel, and some funny script kiddies are scanning the issued ones

Ffedeb🇦🇷anyway worker does't work, it has a limit of 100k request per day and after enab...

Kasumi•2/26/24, 7:32 AM

Reason why I never would use Workers because such limits are the biggest shiq someone can do. Its also saying "Yes we have DDoS Protection, but nobody is able anymore to access the Website because the limit was reached :BL_Shrug:

Kasumi•2/26/24, 7:34 AM

You want to take down a Website? Just get some dudes that are spamming the reload button

KKasumi Reason why I never would use Workers because such limits are the biggest shiq so...

Hello, I’m Allie!•2/26/24, 7:34 AM

I’m not sure I understand? That limit is only on free-plan Workers

Kasumi•2/26/24, 7:35 AM

And on pro there are no limits?

KKasumi And on pro there are no limits?

Hello, I’m Allie!•2/26/24, 7:35 AM

None that you can’t pay your way out of

Hello, I’m Allie!•2/26/24, 7:35 AM

Wait

DepstR•2/26/24, 7:35 AM

Since when were the fields "Service" and "Protocol" removed in the SRV DNS record?

Hello, I’m Allie!•2/26/24, 7:35 AM

Paying for Pro on a Zone doesn’t affect the amount of Workers requests that you can make

Hello, I’m Allie!•2/26/24, 7:36 AM

Workers Paid and Pro are two separate things

Kasumi•2/26/24, 7:36 AM

I already paid for CF Pro so I dont pay for Workers too

KKasumi I already paid for CF Pro so I dont pay for Workers too

Hello, I’m Allie!•2/26/24, 7:36 AM

That’s the ticket then

Hello, I’m Allie!•2/26/24, 7:37 AM

You can use millions of Workers Requests on a Free Zone, as long as you pay for Workers Paid

HHello, I’m Allie!That’s the ticket then

Kasumi•2/26/24, 7:37 AM

Cloudflare would never give discount to a private person

KKasumi Cloudflare would never give discount to a private person

Hello, I’m Allie!•2/26/24, 7:37 AM

Wdym?

Hello, I’m Allie!•2/26/24, 7:37 AM

Hello, I’m Allie!•2/26/24, 7:38 AM

“That’s the ticket” is an expression, meaning that’s the problem

Hello, I’m Allie!•2/26/24, 7:38 AM

It’s not referring to a support/billing ticket

HHello, I’m Allie!You can use millions of Workers Requests on a Free Zone, as long as you pay for ...

Kasumi•2/26/24, 7:39 AM

Ah okay. But still there are also the limitation that its only possible to use specific node packages. So no fastify and other things

HHello, I’m Allie!It’s not referring to a support/billing ticket

Kasumi•2/26/24, 7:39 AM

ah okya

KKasumi Ah okay. But still there are also the limitation that its only possible to use s...

Hello, I’m Allie!•2/26/24, 7:40 AM

I mean yeah. But, support for certain Node packages is getting better, it is a limit that applies to everyone, and is pretty well documented, at least in my opinion

Hello, I’m Allie!•2/26/24, 7:40 AM

While Workers is a JS-platform, it isn’t a Node Platform

Kasumi•2/26/24, 7:41 AM

yes

Similar Threads