327
Supporting the future of the open web: Cloudflare is sponsoring Ladybird and Omarchy
(blog.cloudflare.com)
Cloudflare PR. Fuck them. Blocking VPNs from accessing websites is very open web of you.
Cloudflare blocks VPNs at the request of whoever is running the server. There are tons of websites running on Cloudflare that work with VPNs.
There are also many Lemmy instances that are intentionally blocking VPNs because they have to to stay afloat.
Exactly. My employer uses Akamai, which is larger than Cloudflare. Akamai provides the ability to block traffic from Tor, traffic from VPNs, traffic from any countries you desire, and so on. They also provide managed lists of countries listed in things like ITAR so you can easily block them if you want.
Nope. Cloudflare uses a complex set of fingerprinting tools that determine security scores. It's literally a social credit system for web user agents and the site admins have little control over that.
While true that there are security scores, the site admins set which score (if any) to block at. So, they do have control over that. Same goes for the bot fight mode as well. So, site admins do have control over whether or not to block based on the associated score, just not over the calculation itself unless configured otherwise.
The control is very limited unless you're an enterprise subscriber, and even then CF is super sneaky and doesn't actually report the real world. I had a few clients where they were clearly suffering losses due to the CF implementation (you could literally see sales dip when CF is enabled) but they didn't believe me because the CF dashboard doesn't report false positives or anything of that sort and they had no in-house analytics to really understand the issue.
It's literally not limited. If you don't put a WAF rule based on the score then it doesn't get blocked based on the score. It's that easy. I've got clients and my own site on Cloudflare, so I know how it works. You don't even need the pro subscription to do that.
You control the score but not how it's calculated. My score is incredibly high just because I'm on Linux with Firefox - how important is that to you as an e-commerce site admin?
I said that in my original comment:
If you don't use the score, it's not a factor. I don't use the score at all for my clients. You are not required to use it.
Not sure what that has to do with the fact that CF provides no metrics of false positives, but sure.
I'm not sure why you're trying to bring that up when this comment of yours is what I've been responding to the entire time:
Cloudflare does not force or opt in site admins to use the score. You said that site admins have little control over that. That is not true, because site admins do not have to use the score when configuring WAF. If they do not configure blocking based on score, they do not block the scored traffic at any point, no matter the score.
Your comment before this one said:
So I said that the score doesn't matter if you don't block based on score. Since my client with an e-commerce site isn't configuring any WAF rules based on the determined score, then it isn't important to me (as a site admin plus their Cloudflare administrator), because it's not a factor at all.
Now, if you were to enable the rule to block based on score then it could certainly affect users, because it was configured to do so. It comes down to proper configuration of the tools provided. If I were going to use the WAF rule based on score (again, I don't do this, because I use other rules to check for malicious traffic), I would configure it with a managed/interactive challenge and not block them entirely. Cloudflare provides you with a percent metric based on how often this challenge is passed.
Yes but does Cloudflare provide you detailed metrics of who and when was denied access to the website? They just tap themselves on the back and admins are blindly losing customers without even knowing.
I'm using a VPN with my cloudflare reverse proxies right now. That blocking is configured by the website owners, not Cloudflare.
For what it's worth when you set up your site on cloudflare you get to choose how strict you want security to be and what URLs it applies to, or just disable it and use it only as a CDN. Or even disable routing entirely and use it only as your DNS.
It would be nice if they were more clear that enabling some features might block legitimate users though.