thanks but that only blocks that particular request. the goal was a fail2ban style rule at the edge,

thanks but that only blocks that particular request. the goal was a fail2ban style rule at the edge, so the WAF blocks everything from that IP for a period of time.
What we were both hoping for is when certain urls are hit, the IP that hits them gets blocked from the service for a period of time

Eelzzz thanks but that only blocks that particular request. the goal was a fail2ban sty...

Cyb3r-Jak3•12/28/24, 6:01 PM

Ah, there might be scripts out that do that but something would need to scrape the API then make those rules

CCyb3r-Jak3 Ah, there might be scripts out that do that but something would need to scrape ...

elzzzOP•12/28/24, 6:22 PM

There are scripts to do that for the firewall endpoint, but when I go into the firewall documentation it says it's depreciated and to use the WAF.
I've been trying to find something in the WAF that has an IP where I can put in ip addresses to block by the API but the firewall still seems like the best place (even if there are warnings about depreciation).

Is there a (free) WAF endpoint that I overlooked?

Eelzzz There are scripts to do that for the firewall endpoint, but when I go into the f...

Cyb3r-Jak3•12/28/24, 8:00 PM

You have to do it with ruleset API

Bjarn•12/28/24, 10:07 PM

Hi! I saw this issue: https://www.cloudflarestatus.com/incidents/rv5y7pmspw25

but I don’t think it is resolved.

I have requests originating from Amsterdam (Digitalocean AMS3) to a Hetzner server (proxied through CF) that are routed via Singapore

Network Performance Issues in Amsterdam

Bjarn•12/28/24, 10:07 PM

HTTP/2 200 
date: Sat, 28 Dec 2024 21:49:08 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 8f94c2302ec6fd9f-SIN
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache

fl=963f47
h=artbylien.com
ip=2a03:b0c0:2:d0::1276:9001
ts=1735422548.509
visit_scheme=https
uag=curl/7.68.0
colo=SIN
sliver=none
http=http/2
loc=NL
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519

IPv6: 0.572933

HTTP/2 200 
date: Sat, 28 Dec 2024 21:49:08 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 8f94c2302ec6fd9f-SIN
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache

fl=963f47
h=artbylien.com
ip=2a03:b0c0:2:d0::1276:9001
ts=1735422548.509
visit_scheme=https
uag=curl/7.68.0
colo=SIN
sliver=none
http=http/2
loc=NL
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519

IPv6: 0.572933

Bjarn•12/28/24, 10:08 PM

This one is routed via Singapore, introducing huge latencies, but other requests directly after it are routed via AMS.

Bjarn•12/28/24, 10:08 PM

It seems random but always SIN and AMS

BBjarn Hi! I saw this issue: https://www.cloudflarestatus.com/incidents/rv5y7pmspw25 b...

Chaika•12/28/24, 10:16 PM

It's not going to matter where your origin is hosted on that changes the path to CF, but the network sending (well, mostly). Although in this case I suspect it's not a routing to CF issue, it looks like they're sending some amount of free plan/non-enterprise requests to other data centers after they hit AMS, probably capacity related
You can play around with it a bit yourself to see, send 10 or so requests to a free plan website (you kind of already have), and see what you hit via /cdn-cgi/trace or CF-Ray response header, and then look at mtr and see if you're always on the same route to the local DC. Then repeat w/ an Enterprise website like cloudflare.com. If they both have similar paths in mtr which don't change, and only some amount of requests are rerouted on free, safe bet it's just capacity based redirecting, nothing you can do about directly, should resolve in time though. I'd assume they closed out the incident since the network level is fine now at least for requests actually handled in ams, and the ones being redirected are just seeing normal latency

Oussama•12/29/24, 9:40 AM

hello
is there a problem with WAF custom rules ?
i had a rule working, blocking traffic from india, vietnam
suddenly last 3 days its not working anymore

CChaika It's not going to matter where your origin is hosted on that changes the path to...

Bjarn•12/29/24, 12:26 PM

Can confirm what you say here; it's only happening on non-Enterprise zones

Bjarn•12/29/24, 12:27 PM

Even Pro is impacted, see:

BlueDiamondAU•12/29/24, 1:48 PM

Hi all. New to CloudFlare and need a bit of help with DNS, particularly with mail. Since directing my domain to cloudflare nameservers and using CF DNS, my Outlook will not send mail. Throwing an authentication error. Am I correct to assume that CF does not route TCP traffic and I need to revert the mail. A record back to DNS only?

Mubarak Ibrahim•12/29/24, 2:12 PM

Hello, new to cloudFlare
I've got a question about email routing, is it possible to send an email from the created custom email address?
I mean can I send an email so it appears to my receipt as j.does@custom.com ? While the configured email to route to might be john@gmail.com

Mubarak Ibrahim•12/29/24, 2:21 PM

Hmm, please do you have a guideline or documentation I can follow to achieve this ?

Erisa•12/29/24, 5:27 PM

this isnt a vercel server, use #off-topic or ask somewhere else

Erisa•12/29/24, 5:28 PM

sending me a friend request and DM isnt a good course of action either

Idle•12/29/24, 5:28 PM

:facepalm: crossposting isn't either

Mubarak Ibrahim•12/29/24, 8:01 PM

@Ziga Zajc thank you so much

Eelzzz This is the EXACT thing I came looking for on the free tier. I too want to find ...

Rapid•12/29/24, 8:50 PM

There is no solution to it from Cloudflare sadly... I hope one of their products see it and move on with it, it's so basic

Rapid•12/29/24, 8:50 PM

blocking someone who access specific paths

Rapid•12/29/24, 8:50 PM

It's the easiest way to find enumerations

RRapid There is no solution to it from Cloudflare sadly... I hope one of their products...

elzzzOP•12/29/24, 9:31 PM

In the end I just asked chatgpt to write a script to parse my nginx log files and to call the depreciated firewall api to block the IP. I see the modern WAF way is to create a list (accounts get 1 single list, not 1 list per domain) and add IPs to that and use a rule from the WAF.
I suspect maybe there might be a way to do it with workers but I'll re-visit it in the future. But yes, an edge of network fail2ban would be very cool. For now I'm happy with the workaround (until the depreciated API is removed!)

CosmosisT•12/30/24, 12:03 AM

NVM it was on my end I spelt it wrong...

Chaika•12/30/24, 1:07 AM

I got one too, pretty sure this exact same thing happened before

Chaika•12/30/24, 1:07 AM

new billing system is going great

Erisa•12/30/24, 6:13 AM

Erisa•12/30/24, 6:14 AM

the "remember me" function was removed years ago

qwertymaniac•12/30/24, 12:57 PM

Hello everyone. I am here to seek and provide helpl

! SAKURA.sx❁•12/31/24, 4:41 PM

What will cloudflare do if the TLS 1.3 PoW draft is approved? Will we get an implementation? I think it would an amazing way of stopping DDoS attacks, the delay for users would be minimal (even less if it only activates when the site is under attack), but for attackers it would add up very quickly and make the computational power necessary to affect the origin way higher as before. For example with the proof of work implemented, you might need 100-200x the amount of compute for every request, so an attack that would do 20k RPS would only do 100 to 200 RPS, and it would be almost invisible to the user, with only a slight delay for page load, but way better than having the site offline or having a JS challenge, I think the best implementation would be to add it on the challenge platform as an additional challenge (that you can for example select in the rules) and it could be also triggered by default on HTTP-DDOS as a global measure to protect the origin in case of an attack

Erisa•12/31/24, 6:10 PM

why would there need to be?

HTTP/2 200 date: Sat, 28 Dec 2024 21:49:08 GMT content-type: text/plain access-control-allow-origin: * server: cloudflare cf-ray: 8f94c2302ec6fd9f-SIN x-frame-options: DENY x-content-type-options: nosniff expires: Thu, 01 Jan 1970 00:00:01 GMT cache-control: no-cache fl=963f47 h=artbylien.com ip=2a03:b0c0:2:d0::1276:9001 ts=1735422548.509 visit_scheme=https uag=curl/7.68.0 colo=SIN sliver=none http=http/2 loc=NL tls=TLSv1.3 sni=plaintext warp=off gateway=off rbi=off kex=X25519 IPv6: 0.572933

thanks but that only blocks that particular request. the goal was a fail2ban style rule at the edge,

Similar Threads

Similar Threads

Similar Threads