Ah, there might be scripts out that do that but something would need to scrape the API then make th
Ah, there might be scripts out that do that but something would need to scrape the API then make those rules
EThere are scripts to do that for the firewall endpoint, but when I go into the firewall documentation it says it's depreciated and to use the WAF.
I've been trying to find something in the WAF that has an IP where I can put in ip addresses to block by the API but the firewall still seems like the best place (even if there are warnings about depreciation).
Is there a (free) WAF endpoint that I overlooked?
I've been trying to find something in the WAF that has an IP where I can put in ip addresses to block by the API but the firewall still seems like the best place (even if there are warnings about depreciation).
Is there a (free) WAF endpoint that I overlooked?
CYou have to do it with ruleset API
BHi! I saw this issue: https://www.cloudflarestatus.com/incidents/rv5y7pmspw25
but I don’t think it is resolved.
I have requests originating from Amsterdam (Digitalocean AMS3) to a Hetzner server (proxied through CF) that are routed via Singapore
but I don’t think it is resolved.
I have requests originating from Amsterdam (Digitalocean AMS3) to a Hetzner server (proxied through CF) that are routed via Singapore
BBThis one is routed via Singapore, introducing huge latencies, but other requests directly after it are routed via AMS.
BIt seems random but always SIN and AMS
CIt's not going to matter where your origin is hosted on that changes the path to CF, but the network sending (well, mostly). Although in this case I suspect it's not a routing to CF issue, it looks like they're sending some amount of free plan/non-enterprise requests to other data centers after they hit AMS, probably capacity related
You can play around with it a bit yourself to see, send 10 or so requests to a free plan website (you kind of already have), and see what you hit via /cdn-cgi/trace or CF-Ray response header, and then look at mtr and see if you're always on the same route to the local DC. Then repeat w/ an Enterprise website like cloudflare.com. If they both have similar paths in mtr which don't change, and only some amount of requests are rerouted on free, safe bet it's just capacity based redirecting, nothing you can do about directly, should resolve in time though. I'd assume they closed out the incident since the network level is fine now at least for requests actually handled in ams, and the ones being redirected are just seeing normal latency
You can play around with it a bit yourself to see, send 10 or so requests to a free plan website (you kind of already have), and see what you hit via /cdn-cgi/trace or CF-Ray response header, and then look at mtr and see if you're always on the same route to the local DC. Then repeat w/ an Enterprise website like cloudflare.com. If they both have similar paths in mtr which don't change, and only some amount of requests are rerouted on free, safe bet it's just capacity based redirecting, nothing you can do about directly, should resolve in time though. I'd assume they closed out the incident since the network level is fine now at least for requests actually handled in ams, and the ones being redirected are just seeing normal latency
Ohello
is there a problem with WAF custom rules ?
i had a rule working, blocking traffic from india, vietnam
suddenly last 3 days its not working anymore
is there a problem with WAF custom rules ?
i had a rule working, blocking traffic from india, vietnam
suddenly last 3 days its not working anymore
BCan confirm what you say here; it's only happening on non-Enterprise zones
BEven Pro is impacted, see:
BHi all. New to CloudFlare and need a bit of help with DNS, particularly with mail. Since directing my domain to cloudflare nameservers and using CF DNS, my Outlook will not send mail. Throwing an authentication error. Am I correct to assume that CF does not route TCP traffic and I need to revert the mail. A record back to DNS only?
MHello, new to cloudFlare
I've got a question about email routing, is it possible to send an email from the created custom email address?
I mean can I send an email so it appears to my receipt as j.does@custom.com ? While the configured email to route to might be john@gmail.com
I've got a question about email routing, is it possible to send an email from the created custom email address?
I mean can I send an email so it appears to my receipt as j.does@custom.com ? While the configured email to route to might be john@gmail.com
MHmm, please do you have a guideline or documentation I can follow to achieve this ?
Ethis isnt a vercel server, use #off-topic or ask somewhere else
Esending me a friend request and DM isnt a good course of action either
I:facepalm: crossposting isn't either
M@Ziga Zajc thank you so much
RThere is no solution to it from Cloudflare sadly... I hope one of their products see it and move on with it, it's so basic 
Rblocking someone who access specific paths
RIt's the easiest way to find enumerations
EIn the end I just asked chatgpt to write a script to parse my nginx log files and to call the depreciated firewall api to block the IP. I see the modern WAF way is to create a list (accounts get 1 single list, not 1 list per domain) and add IPs to that and use a rule from the WAF.
I suspect maybe there might be a way to do it with workers but I'll re-visit it in the future. But yes, an edge of network fail2ban would be very cool. For now I'm happy with the workaround (until the depreciated API is removed!)
I suspect maybe there might be a way to do it with workers but I'll re-visit it in the future. But yes, an edge of network fail2ban would be very cool. For now I'm happy with the workaround (until the depreciated API is removed!)
CNVM it was on my end I spelt it wrong...
CI got one too, pretty sure this exact same thing happened before
Cnew billing system is going great
Eno
Ethe "remember me" function was removed years ago
QHello everyone. I am here to seek and provide helpl
!What will cloudflare do if the TLS 1.3 PoW draft is approved? Will we get an implementation? I think it would an amazing way of stopping DDoS attacks, the delay for users would be minimal (even less if it only activates when the site is under attack), but for attackers it would add up very quickly and make the computational power necessary to affect the origin way higher as before. For example with the proof of work implemented, you might need 100-200x the amount of compute for every request, so an attack that would do 20k RPS would only do 100 to 200 RPS, and it would be almost invisible to the user, with only a slight delay for page load, but way better than having the site offline or having a JS challenge, I think the best implementation would be to add it on the challenge platform as an additional challenge (that you can for example select in the rules) and it could be also triggered by default on HTTP-DDOS as a global measure to protect the origin in case of an attack
Ewhy would there need to be?