this post was submitted on 22 Sep 2025
331 points (96.1% liked)

Technology

75434 readers
2196 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
331
Supporting the future of the open web: Cloudflare is sponsoring Ladybird and Omarchy (blog.cloudflare.com)
submitted 2 days ago by lena@gregtech.eu to c/technology@lemmy.world
82 comments fedilink hide all child comments
 

based cloudflare

you are viewing a single comment's thread
view the rest of the comments
[–] drmoose@lemmy.world 1 points 14 hours ago (1 children)

Not sure what does have to do with the fact that cf providers no metrics of false positives but sure.

[–] AmbiguousProps@lemmy.today 1 points 9 hours ago* (last edited 8 hours ago) (1 children)

I'm not sure why you're trying to bring that up when this comment of yours is what I've been responding to the entire time:

Nope. Cloudflare use a complex set of fingerprinting tools that determine security scores. It's literally social credit system for web user agents and the site admits have little control over that.

Cloudflare does force nor opt in site admins to use the score. You said that site admins have little control over that. That is not true, because site admins do not have to use the score when configuring WAF. If they do not configure blocking based on score, they do not block the scored traffic at any point, no matter the score.

Your comment before this one said:

You control the score but not how its calculated. My score is incredibly high just because I'm on Linux with Firefox - how important is that to you as an e-commerse site admin?

So I said that the score doesn't matter if you don't block based on score. Since my client with an e-commerce site isn't configuring any WAF rules based on the determined score, then it isn't important to me (as a site admin plus their Cloudflare administrator), because it's not a factor at all.

Now, if you were to enable the rule to block based on score then it could certainly affect users, because it was configured to do so. It comes down to proper configuration of the tools provided. If I were going to use the WAF rule based on score (again, I don't do this, because I use other rules to check for malicious traffic), I would configure it with a managed/interactive challenge and not block them entirely. Cloudflare provides you with a percent metric based on how often this challenge is passed.

[–] drmoose@lemmy.world 1 points 5 hours ago

Yes but does Cloudflare provide you detailed metrics of who and when was denied access to the website? They just tap themselves on the back and admins are blindly losing customers without even knowing.