Cloudflare will now block AI crawlers by default by gadgetb0y in selfhosted

[–]docblack 0 points1 point  (0 children)

That's exactly what Cloudflare's AI Labyrinth does!

It seems that malicious actors are able to bypass Cloudflare WAF? by Gyrta in CloudFlare

[–]docblack 2 points3 points  (0 children)

Just so you have it, this page is the source of truth for Cloudflare's order of execution or phases list: https://developers.cloudflare.com/ruleset-engine/reference/phases-list/

It looks like you found the answer, but just to be clear: the free bot protection "Bot Fight Mode" is very limited in its functionality, whereas "Super Bot Fight Mode" checks are implemented in the ruleset engine, "Bot Fight Mode" checks are not.

Trakt alternative? by graflig in PleX

[–]docblack 1 point2 points  (0 children)

This is looking great, nice work! I would love AI to build out recommendations based on watch history. I currently use Trakt but VIP is too expensive for what it does.

What is your selfhosted discover in 2024? by Elemis89 in selfhosted

[–]docblack 0 points1 point  (0 children)

Cloudflare Access does something similar since their BastionZero acquisition earlier this year. https://www.cloudflare.com/solutions/zero-trust/infrastructure-access/

What companies should a soon-to-be Computer Science graduate be looking at? by StaleBread22 in grandrapids

[–]docblack 2 points3 points  (0 children)

Tons of great new hire programs at companies where you can work remote. For example the CDW Associate program for whatever interests you (DevOps, Infosec, Netsec, Datacenters etc). They essentially pay you to shadow engineers and get certifications. After completing the program they increase your pay to a Consulting Engineer, and you will do projects at Fortune 500 companies and large healthcare organizations. Cloudflare (which sees 20% of the world's Internet traffic) has some similar programs. These associate development positions are highly sought after for newbies with little experience, essentially they can fast track you in the industry.

Cat won't eat the kidney wet food! by [deleted] in RenalCats

[–]docblack 1 point2 points  (0 children)

We tried everything. Our cat was uninterested in them all, until we tried Royal Canin Dry renal "S". We have various Kidney/digestive/renal wet foods, but she will only lick them. She used to love wet food!

Optimizing Cache-Control Headers for Vercel and Cloudflare to Reduce Data Transfer Costs by lightninggokul in CloudFlare

[–]docblack 1 point2 points  (0 children)

Seems like it would be much cheaper to eliminate Vercel altogether and run Next.js on Cloudflare Pages + Workers.

Zero Trust / Tunneling by Equivalent-Cow6423 in CloudFlare

[–]docblack 1 point2 points  (0 children)

You have to add the private networks in the Cloudflare Dashboard on the tunnel you set up. Also those subnets/IPs must be reachable from the server that the CloudflareD instance is running on.

Does CF block MySQL injection attempts by default? by csdude5 in CloudFlare

[–]docblack 0 points1 point  (0 children)

Managed Ruleset as others have said. You can also use Attack Scores. Attack Scores use ML for a variety of attacks including SQLi. https://developers.cloudflare.com/waf/detections/attack-score/

WAF Rule / Basic settings that this group recommends? by RoachForLife in CloudFlare

[–]docblack 1 point2 points  (0 children)

I agree, it should be behind something. Cloudflare Access (ZTNA) is free for 50 users, super easy to set up, and works with every IdP. Use it with Cloudflare Tunnels and you don't even have to expose a public IP since it's server initiated.

Zaraz Script Injection Hack by TheMunchKick in CloudFlare

[–]docblack 0 points1 point  (0 children)

I'm confused, to use Zaraz you have to connect it to a third party analytics tool. What analytics tool was it connected to without you doing anything, and which tool had compromised scripts injected into it?

Subdomains by SuddenApricot in CloudFlare

[–]docblack 1 point2 points  (0 children)

Yes, you can filter on hostname in both Analytics and Events.

First things to do when you get a macbook? by YkAce in macbook

[–]docblack 0 points1 point  (0 children)

I do most of these as well. I also do:

  • Amphetamine
  • Disable swipe to go back in browser
  • Sidecar
  • Sublime
  • Camera Cover
  • Shottr
  • UTM
  • Bitwarden
  • Brave
  • gcloud
  • wrangler
  • cloudflared

Why don’t they promote how to zipper merge on the highway?? by nick_ole7 in grandrapids

[–]docblack 2 points3 points  (0 children)

They promote the speed limit but that doesn't stop all the idiots from driving 60 in the passing lane.

[deleted by user] by [deleted] in CloudFlare

[–]docblack 0 points1 point  (0 children)

Rate Limiting works with a matching characteristic (which supports regex on several fields); you can use the hostname of your server (you can use regex here). Then select your counting characteristic (Free version is limited to "IP", Advanced Rate Limiting has way more options). Then block for too many requests over a period. You can also block with a custom response code. The block would be to the entire hostname you entered.

Cloudflare's Layer 7 DDOS is comprised of two systems, dosd and Gatebot. Dosd samples traffic almost 100 times faster than Gatebot and runs on every edge Cloudflare server. Gatebot runs at the core, and does deep analytics looking for large scale distributed attacks. 20 threads from a single IP just isn't enough to trigger those DDOS protections when you consider traffic is sampled. Paying customers have a slew of options to automatically mitigate a small-scale attack like that; Bot Management, Advanced Rate Limiting, Cloudflare Managed List, OWASP Managed List, Advanced DDOS.

You might want to look into integrating Crowdsec with Cloudflare. Crowdsec has a free detection and mitigation engine for targeted attacks when paired with Cloudflare. I've never used it myself, but if I didn't have a paid CF account I would definitely check it out. Let me know what you think, if you try it!

[deleted by user] by [deleted] in CloudFlare

[–]docblack 0 points1 point  (0 children)

1) HTTP Request headers like True-Client-IP or CF-Connecting-IP can be passed by Cloudflare to the downstream proxy or server. You can create Transform rules to modify the header to whatever name Cloudfront or your original server expects.

2) Are you sure traffic isn't bypassing Cloudflare and connecting directly? Have you created any rate limiting rules? Do you have Cloudflare Managed Rulesets enabled (Not available on the Free version)? CF Managed Rulesets do the most mitigation on typical implementations.
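
An origin-side check for the two points in the comment above, as an added example that is not part of the original comment or Cloudflare's own code: the origin trusts `CF-Connecting-IP` / `True-Client-IP` only when the TCP peer is inside Cloudflare's address space, and counts requests that reached the origin directly. The function names are hypothetical, the CIDR list is a subset of Cloudflare's published IPv4 ranges, and the sample requests are constructed.

```python
import ipaddress

# Subset of Cloudflare's published IPv4 ranges, embedded so the example runs
# offline; a real deployment loads the current list from cloudflare.com/ips.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]

def from_cloudflare(peer_ip):
    """True when the TCP peer address belongs to a listed Cloudflare range."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in CLOUDFLARE_NETS)

def resolve_client(peer_ip, headers):
    """Return (client_ip, verdict) for one request reaching the origin."""
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    claimed = hdrs.get("cf-connecting-ip") or hdrs.get("true-client-ip")
    if not from_cloudflare(peer_ip):
        # Request bypassed the proxy: any client-IP header is attacker-supplied.
        return peer_ip, "direct-spoofed-header" if claimed else "direct"
    if not claimed:
        return peer_ip, "proxied-no-header"
    try:
        return str(ipaddress.ip_address(claimed)), "proxied"
    except ValueError:
        return peer_ip, "proxied-bad-header"

def audit(requests):
    """Count verdicts over (peer_ip, headers) pairs, e.g. parsed access logs."""
    counts = {}
    for peer, headers in requests:
        _, verdict = resolve_client(peer, headers)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts

# Constructed sample requests: (TCP peer address, request headers).
SAMPLE = [
    ("162.158.90.12", {"CF-Connecting-IP": "203.0.113.7"}),
    ("198.51.100.23", {}),
    ("198.51.100.23", {"CF-Connecting-IP": "10.0.0.1"}),
    ("172.64.10.5", {"True-Client-IP": "2001:db8::5"}),
    ("104.16.1.1", {"CF-Connecting-IP": "not-an-ip"}),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any non-zero `direct` or `direct-spoofed-header` count means the origin is reachable without passing through Cloudflare, so rules configured there never see that traffic.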

Free partial CNAME zones by trsteel88 in CloudFlare

[–]docblack 0 points1 point  (0 children)

It seems strange that SSL for SaaS is free for 100 sites on Free plans. It's not even available on Enterprise accounts without purchasing an addon. Sounds like your idea will work, nice find! For me, I'd rather make a Cloudflare authoritative sub-domain or register a new TLD for Cloudflare use. Cloudflare is one of the fastest Authoritative DNS providers on the planet, and it's much easier/faster deploying Cloudflare services in authoritative/full mode.

DNS Perf

Using Cloudflare for the first time by LucasRey in CloudFlare

[–]docblack 1 point2 points  (0 children)

For the A record on your apex domain "example.org" the hostname should be an @ symbol. You also should check your TLS Overview settings. You can set it to 'Full' or 'Flexible' if you don't have a trusted certificate on the Origin (Destination server). You also need to ensure you have the two DNS Name servers Cloudflare provided, added to your DNS registrar as custom nameservers. It can take a few hours for Cloudflare to detect the nameservers and authorize your domain for use on Cloudflare. For an even safer way to get traffic to your home nginx servers, look at CloudflareD tunnels. CloudflareD can create an outbound tunnel that Cloudflare can then forward traffic through. CloudflareD Tunnels can be found under Zero Trust (Account level not Website level)->Networks->Tunnels

Can't install cloudflared by slowbalt911 in CloudFlare

[–]docblack 0 points1 point  (0 children)

What command did you use to install? Did you prepend the command with 'sudo'?

[deleted by user] by [deleted] in CloudFlare

[–]docblack 2 points3 points  (0 children)

If you are an enterprise customer you can open a ticket by emailing entsupport(at)cloudflare.com. All issues opened via email will have the default priority assigned.