kaszakukus
Cloudflare Developers
•Created by kaszakukus on 1/24/2025 in #general-help
Passwordless with CF
Hello Everyone,
I’m looking to implement a passwordless login system in my web app. Specifically, the user would enter their email, and then I’d send them a magic link or code. I’m considering how to properly secure this approach and would like to hear your thoughts from a security perspective, setting aside UX considerations for now.
My domain is already behind Cloudflare’s WAF, and I’ve integrated Turnstile for the form. The main abuse vector I can foresee is manual or semi-automated spam distribution via this form—essentially, someone generating magic links for various email addresses. This could lead to users marking my emails as spam, increasing my complaint rate. By the way, I’m using SendGrid for email delivery.
I’m also wondering if Google’s captcha might be a better option since it includes a challenge, which could act as a rate limiter for persistent "testers" and discourage spam attempts. I’m not sure if Turnstile can detect form abuse and respond to it effectively. What are your thoughts on this?
1 reply
Cloudflare Developers
•Created by kaszakukus on 11/16/2024 in #general-help
How to use Cloudflare as a proxy and CDN layer for my Hetzner bucket?
2 replies
Cloudflare Developers
•Created by kaszakukus on 11/16/2024 in #general-help
Can Cloudflare effectively protect my REST API backend server if it’s exclusively used by mobile app
Specifically, when sending requests from Swift or Android, there’s no context, such as user-agent headers. Additionally, the IP addresses originate from GSM providers, which might make it difficult for Cloudflare to accurately identify traffic. Would setting WAF rules to allow only specific countries still work reliably in this scenario?
3 replies
Cloudflare Developers
•Created by kaszakukus on 11/16/2024 in #general-help
Custom WAF rule to allow only specific country and Google's indexing robots
If I set a WAF rule to allow access to my site only for users from a specific country, does that mean I am essentially blocking Googlebot from indexing my site and ruining my SEO? Is it possible to add indexing bots as exceptions? Or can Googlebot handle Cloudflare challenges on its own?
2 replies