Stefatorus
Cloudflare Developers
•Created by Stefatorus on 8/13/2024 in #general-help
Cloudflare Fails to mitigate DDoS Attack, Enabling "Verified Bots" doesn't block deindexing it
For the future, it might be a good idea not to trust any flag (including ASN) sent by workers, to have homogenous behaviour
76 replies
Appreciate the fast response, I'll try to resolve it and hopefully next time it'll not break
We know that we can just enable bot-protection-mode and it'll have minor consequences except for managed challenge which users are used to
I'll resolve this, if we can resolve the issue with the middleware not filtering itself out
But they lack granularity unless you go forward with Business / Enterprise I believe
Some we are able to filter out (eg: We can add rate limits)
However we'd expect it to detect abnormal patterns, traffic spiked significantly on a single URL, with multiple consecutive requests on the URL by the same IP, etc
Being conservative by default is not a problem, it's common practice. You'd rather have higher load than lose customers
Is Super bot fight mode considered part of WAF?
I believe documentation needs to mention this on the super-bot-fight-mode, that if you're using a proxy without origin bindings it will break
There should be some mention on how it's behaving however. I know origin bindings were implemented a while ago but I wanted to be able to bind some routes to other workers and have my translation proxy handle that
I'll enable it and hopefully it'll resolve the issue
Thanks for the help in finding about the flag
It's highly unlikely for an application to allow setting X-Forwarded-For by end users.
And it's good for the original flag to disable such access and to route it back on top of the filter
Well, at that point I would say it's not Cloudflare's fault. The logic with a worker being able to fetch("") resources (eg: AI agent with internet access) makes sense
The origin filter bypass is sane
I agree on the last statement, however what I don't understand is how it could lead to IP spoofing
Is it normal then for the ASN to still show as Google / Hetzner / etc?