I was expecting a browser fingerprint id in CF header to better check if request is coming from same

I was expecting a browser fingerprint id in CF header to better check if request is coming from same device instead IP address(which can be proxied) or managing a list of disposable email(which is always incomplete).

Anyway, thanks for your suggestions. It seems we'd need to build a layer on our API itself.

slayerduck•3/10/24, 7:45 AM

does anyone have a paid plan and the WAF suddendly went back to free plan? I'm getting

exceeded the maximum number of rules in the phase http_request_firewall_custom: 19 out of 5 (Code: 50001)

exceeded the maximum number of rules in the phase http_request_firewall_custom: 19 out of 5 (Code: 50001)

but i have had pro for 5 years or so

slayerduck•3/10/24, 7:46 AM

ok its not just WAF, i completly lost all pro functionality even though its paid for yearly in dec 2023 and the site itself says pro

Flare•3/10/24, 9:43 AM

To contact Cloudflare Support about an issue, please visit the Support Portal and fill in the form on the portal. After submission, you will receive confirmation over email.

Some issues, such as Account or Billing related issues, cannot be solved by the community.
Any plan level (including Free plans) can open tickets for Account, Billing or Registrar ticket categories. Make sure to select the correct category to ensure it goes to the right place.
For more information on the methods by which you can contact Support for your plan level, see Contacting Cloudflare Support - Cloudflare Docs

slayerduck•3/10/24, 10:10 AM

yah, looking forward to get a response monday evening https://community.cloudflare.com/t/pro-site-missing-pro-features/626329/5

slayerduck•3/10/24, 11:15 AM

https://www.cloudflarestatus.com/incidents/txm1wtb3q75b

Issues with Cloudflare's Pay-as-you-Go Plans

az•3/10/24, 11:25 AM

can i transfer data to r2 from a url ?

az•3/10/24, 11:25 AM

i want to import my gcp bucket

Original message was deleted

slayerduck•3/10/24, 11:38 AM

i'm pretty sure my own custom rules still work, but the 'managed rules' to protect against certain exploits are gone

slayerduck•3/10/24, 11:38 AM

i can however, not edit any of them because free accounts only have 5, and i have more then 5 so it errors out when i try to change one

VVikash I was expecting a browser fingerprint id in CF header to better check if request...

DarkDeviL•3/10/24, 12:22 PM

Yeah, I understood that much, but unfortunately, no, that kind of stuff be on the Enterprise plan as Leo said above. IIRC, I even believe it's an add-on to the Enterprise plan.

I don't know where, or if your budget is limiting you somehow at all, but personally though, I doubt you will ever see any fingerprinting (or similar thing), on any free or perhaps ~ $20/month (Pro-price) plans anywhere, that you can actually rely on, so that you wouldn't have to do other things to secure your infrastructure.

My own personal opinion though, I also wouldn't rely on putting everything on the shoulders of any external third party (be it on Cloudflare or whatever), and expecting the third party to always be "magically" taking care of 100% of your issues all the time.

DarkDeviL•3/10/24, 12:24 PM

Your screenshot above were showing 10 accounts in ~14 minutes, from AS45727 (PT Hutchison CP Telecommunications), - you could also use these variables, and through the Cloudflare API adjust things and temporarily block networks for some time, if there have been too many registrations within a short time interval.

One account per ~ 1 minute from the same iSP? Whether that would be 'legitimate', or not, would depend on both yours and my network, in your network it might be unlikely (and likely illegitimate), but in my network, it could be necessary, and so forth.

(But that one would also require some sort of maintenance from your own end).

Original message was deleted

DarkDeviL•3/10/24, 12:25 PM

Thanks for the confirmation!

User4675•3/10/24, 12:31 PM

any idea how long changing ssl encryption mode takes to come into effect?

Original message was deleted

User4675•3/10/24, 12:32 PM

ive been waiting 7 mins so might be having an issue with something else then

User4675•3/10/24, 12:33 PM

i keep getting ERR_TOO_MANY_REDIRECTS which seems to predominantly be a cf ssl issue

Original message was deleted

DarkDeviL•3/10/24, 12:38 PM

"As usual", indeed.

I would personally just go with your own customised WAF rules that are tailored and regularly adjusted to meet your demands and expectations, instead of these [super] bot fight modes.

UUser4675 i keep getting ERR_TOO_MANY_REDIRECTS which seems to predominantly be a cf ssl i...

DarkDeviL•3/10/24, 12:40 PM

Did you purge the Cloudflare edge cache, to ensure the redirects aren't cached there?

https://dash.cloudflare.com/?to=/:account/:zone/caching/configuration

DDarkDeviL Did you purge the Cloudflare edge cache, to ensure the redirects aren't cached t...

User4675•3/10/24, 12:41 PM

I'll try that now thanks

DarkDeviL•3/10/24, 12:41 PM

There is also the possibility that your browser(s) may have cached the redirect(s).

DDarkDeviL There is also the possibility that your browser(s) may have cached the redirect(...

User4675•3/10/24, 12:42 PM

I've tried on an emulated browser as well and it still wasn't working so I don't think it is that

DarkDeviL•3/10/24, 12:46 PM

It might not be the case, but redirects could theoretically be cached everywhere in the chain, where there is an option for caching.

DDarkDeviL It might not be the case, but redirects could theoretically be cached everywhere...

User4675•3/10/24, 12:48 PM

I see. I'll have a look into the caching.

User4675•3/10/24, 12:49 PM

I turned on development mode so it should be bypassing caching but still experiencing the redirect issue.

UUser4675 I turned on development mode so it should be bypassing caching but still experie...

DarkDeviL•3/10/24, 12:51 PM

With development mode on, I'd lean a bit more towards taking a look at your server, rather than Cloudflare.

DarkDeviL•3/10/24, 12:52 PM

... assuming you have actually set the proper Full (STRICT) mode.

User4675•3/10/24, 12:52 PM

omg I was setting the ssl rule on the wrong domain

User4675•3/10/24, 12:52 PM

It works now

loneranger4978•3/10/24, 2:55 PM

Help please. Unable to add a custom domain to Worker & Pages. The domain is 备.com and the error I receive is "Please enter a valid domain."

Lloneranger4978 Help please. Unable to add a custom domain to Worker & Pages. The domain is 备.co...

Cyb3r-Jak3•3/10/24, 2:57 PM

Try adding the IDN domain as a custom domain

CCyb3r-Jak3 Try adding the IDN domain as a custom domain

loneranger4978•3/10/24, 2:59 PM

Worked. Thanks

GustyCube•3/10/24, 3:06 PM

Hey! I’ve seen certain cloudfare websites say things like “verifying your a human” when the page first loads, does anyone know how to do that and any other measures to make the site more secure against bots?

dave•3/10/24, 5:19 PM

Is there any response header that a server can send to a client to tell it that it should ignore the query string for caching?

satzkr•3/10/24, 5:40 PM

Hi is it possible to use Joi schemas as part of itty-router-openapiitty-router-openapi routers in workers ? If so can someone give me an example of how to use joi schema for requestBody schemas & use the same for swagger documentation ?

Chaika•3/10/24, 8:07 PM

they update really quickly yea, currently within 10s or so. I'd dig yourself and see if you can see it, otherwise I blame microsoft for not rechecking/cache

Chaika•3/10/24, 8:10 PM

make sure you don't have cname flattening enabled for the entire zone (is only an option to be enabled if you had pro or higher only though)

Chaika•3/10/24, 8:11 PM

yes

Chaika•3/10/24, 8:11 PM

flatten only apex

Chaika•3/10/24, 8:11 PM

no, it's exactly the opposite, it only applies for dns-only

Chaika•3/10/24, 8:11 PM

Proxied CName Records are always flattened due to the nature of how CF works

Chaika•3/10/24, 8:11 PM

yea just make it apex only

Chaika•3/10/24, 8:12 PM

if it needed a specific cname to be there, probably

shadyharby.•3/10/24, 8:15 PM

What are the Permissions that enable the API to access the Domain Registration service?

Chaika•3/10/24, 8:15 PM

The Registrar API is Enterprise only

CChaika The Registrar API is Enterprise only

shadyharby.•3/10/24, 8:17 PM

If I use the Global API Key, it will not allow access to the Domain Registration?

Unsmart•3/10/24, 8:18 PM

You need to be an enterprise customer to use it

Unsmart•3/10/24, 8:18 PM

If you arent enterprise you cant use it no matter what key you use

Chaika•3/10/24, 8:19 PM

If you want an employee confirmation of that: https://community.cloudflare.com/t/domain-registration-using-the-api/382556/3?u=chaika

shadyharby.•3/10/24, 8:22 PM

Thank you

Original message was deleted

Chaika•3/10/24, 8:27 PM

With CNAME flattening, Cloudflare finds the IP address that a CNAME points to. This process could involve a single lookup or multiple (if your CNAME points to another CNAME). Cloudflare then returns the final IP address instead of a CNAME record, helping DNS queries resolve up to 30% faster.

I was expecting a browser fingerprint id in CF header to better check if request is coming from same

Similar Threads

Similar Threads

Similar Threads