this post was submitted on 24 Aug 2024
396 points (97.1% liked)
Asklemmy
43963 readers
2133 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Bank and government website behind Cloudflare???
Fuck, I just checked, my bank is also behind Cloudflare, what the fuck..
I kind of assumed a bank wouldn't put another company with ability to view all transferred data between customers and themselves.
How much of the internet is not behind CF?
I should probably try blocking their IPs and see what will still work.
I've tried this and you essentially break resolving of most of the internet on your device by doing this. Almost the entire internet relies on both Amazon Web Services and Cloudflare.
It redirects, it doesn’t proxy. The workflow is: user navigates to URL->DNS sends it to cloudflare->cloudflare ensures request is allowed based on selected rules (human check, geo check, DDOS check, etc) and remembers->request is redirected to non-cloudflare address->server response goes direct from server to user browser->subsequent requests are redirected without the test as long as the cookie remembers. I don’t like cloudflare, every time I have an issue pop up out of nowhere, it’s usually cloudflare and some over eager netsec engineer that broke CORS, or decided css wasn’t important, or that machine to machine traffic was a DOS attack. But it’s not reading your statements or anything else the server sends back. It could conceivably read your username and password and any other data you send in your request, but it doesn’t have the TLS certificate. So even though it doesn’t even try, if CF decided to be nefarious, as long as your banks engineers are at least somewhat competent CF is only getting encrypted data that it can’t do anything with. Hate on CF all you want, but hate it for the right reasons.
Yeah at least Google will let you in after you solve 5 puzzles. It's shit but it's possible. With CloudFlare you are at the mercy of whatever hidden criteria they're using.
If you change your user agent from Firefox to Chrome for instance, CloudFlare will never let you through.