AlphaCentauri
CDCloudflare Developers
•Created by AlphaCentauri on 11/14/2023 in #general-help
Frequent IP changes with WARP
Does anyone else have an issue with Cloudflare WARP where the public IPv4 address changes every few seconds (it seemingly switches randomly between 2/3 IPs on every HTTP request).
I saw a thread here where the issue is discussed, but the issue was never resolved for me (with the exception of a period of IP stickiness/stability about 6 months ago that lasted a few weeks):
https://discord.com/channels/595317990191398933/997894540579045578
This is not a huge problem, but it makes the use of WARP difficult as a lot of websites will log you out or flag your session when this happens, so it's something that prevents the continued use of WARP.
If this is normal behavior and not something that will change, that's fine, but it would be nice to get confirmation of that so I can try to look for alternatives.
Thanks so much!
1 replies
CDCloudflare Developers
•Created by AlphaCentauri on 8/23/2023 in #general-help
Protecting API endpoints from DDoS Attacks
Hey 👋
I have a basic(ish) Express API with a handful of GET endpoints, but because it’s an API that supports non-human interaction, traditional DDoS protection such as a managed challenge wouldn’t work in protecting malicious actors from DDoS’ing my server, and if anything I need to reduce false positives by allowing almost all traffic to hit my origin.
I’ve thought about using Workers and KV to sync my user’s API keys and validate them at Cloudflare before hitting my origin, but whilst this would keep my origin online during a DDoS, it would result in me potentially being charged into bankruptcy if I get hit with a major attack (such as billions of requests)
I’ve thought about doing something like implementing a WAF rule to block all requests where the Authorization header doesn’t include a prefix in all the API keys I issue to users, but this is of course super easy to bypass if someone figures it out.
I’ve thought about syncing every API key to WAF as a whitelist and block everything else, but this wouldn’t scale well as the expression for a rule can only be 4096 characters long.
If someone knows a way that I could effectively protect my API, that would be much appreciated 🙏
I’m on the Pro plan btw.
15 replies
CDCloudflare Developers
•Created by AlphaCentauri on 7/25/2023 in #general-help
Cloudflare Tunnels vs Standard Proxied DNS
Hey Everyone!
I was hoping someone at Cloudflare can shine some light on any potential drawbacks to migrating from using Cloudflare as a regular (Orange Cloud) proxy service, to using Tunnels in a production environment.
I suspect most people use Tunnels as they can allow NAT'd servers to expose services publicly which is not important to us, but it would be awesome to use Tunnels in production as it allows us to achieve High Availability and become truly cloud agnostic.
The problem is, I'm curious as to whether or not there will be latency and/or a bottleneck that may cause the Cloudflared daemon to crash or perform poorly compared to Cloudflare making public outbound requests to our origin.
Assuming I'm hosting a web server on a dedicated server, could Cloudflare Tunnels handle/process the same traffic as regular proxied DNS?
Thanksssss
1 replies