#Cloudflare 注册的域名,其whois中仍会保留「注册人州/省、注册人国家」信息。
另外,实测Cloudflare注册的.org域名会保留Organization Name字段。
https://developers.cloudflare.com/registrar/account-options/whois-redaction/#what-is-whois-redaction
cloudflare
发个老本行知识:Mastodon套Cloudflare后用户IP变成CF IP的解决方案:
将nginx反代配置中的2处:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
替换为
proxy_pass_request_headers on;
原理:CF会把客户正确的IP放在这两个header里。不需要nginx再添油加醋。
Edited 1y ago
Esse papo do #CloudFlare ter colaborado com o governo pra manter o bloqueio ao twitter tá sendo festejado mas isso é só mais um exemplo do PERIGO que é a internet quase inteira ser controlada por essa empresa. Ela sim tem o poder de controlar acessos. Inclusive vários sites governamentais no Brasil (tanto federais quanto de esferas menores) dependem do Cloudflare.
🔗转移到 cloudflare R2 + PicList 作图床 https://zhengduo.wordpress.com/2024/11/10/r2-pic/ #Cloudflare, #PicList, #R2, #博客, #图床
Risico Cloudflare (+Trump)
🌦️ Achter Cloudflare
Steeds meer websites zitten "achter" het Amerikaanse bedrijf Cloudflare. Stel u opent https://pvv.nl (let op, daar staat https:// vóór, Mastodon verstopt dat) in uw browser:
browser <-1-> Cloudflare <-2-> https://pvv.nl
⛓️💥 Géén E2EE
Bij zeer veel websites (https://pvv.nl is een voorbeeld) is er sprake van twee *verschillende* verbindingen, dus beslist geen E2EE = End-to-End-Encryption (voor zover dat überhaupt nog wat zegt als de "echte" een cloud-server van Google, Microsoft of Amazon is).
🕋 CDN's
Cloudflare, een CDN (Content Delivery Network), heeft een wereldomspannend netwerk met "tunnel"-servers in computercentra van de meeste internetproviders. Waarschijnlijk ook bij u "om de hoek".
🔥 DDoS-aanvallen
Dat is werkt uitstekend tegen DDoS (Distributed Denial of Service) aanvallen. Ook zorgen CDN's voor veel snellere communicatie (mede doordat plaatjes e.d. op een web van servers "gecached" worden) - ook als de "echte" server aan de andere kant van de wereld staan.
🚨 Nadelen
Maar dit is NIET zonder prijs! Cloudflare kan namelijk *meekijken* in zeer veel "versleuteld" netwerkverkeer (en dat zelfs, desgewenst, wijzigen).
🚦 Nee, niet *u*
Ook kunnen Cloudflare-klanten allerlei regels instellen waar bezoekers aan moeten voldoen, en hen als "ongewenst" bezoek blokkeren (ook *criminele* klanten maken veelvuldig gebruik van deze mogelijkheid, o.a. om te voorkómen dat de makers van virusscanners nepwebsites op kwaadaardige inhoud kunnen checken).
Aanvulling 14:39: { zo kan ik, met Firefox Focus onder Android, https://cidi.nl *niet* openen, ik zie dan een pagina waarin o.a. staat "Even geduld, de website van Centrum Informatie en Documentatie Israël (CIDI) is aan het verifiëren of de verbinding veilig is. Please unblock challenges.cloudflare.com to proceed."
}
😎 Men In Black
Omdat Cloudflare een (tevens) in de VS gevestigd bedrijf is, moeten zij voldoen aan de Amerikaanse FISA section 702 wetgeving. Dat betekent dat hen opgedragen kan worden om internetverkeer te monitoren, en zij daar een zwijgplicht over hebben. Terwijl Amerikanen al minder privacy-rechten hebben dan Europeanen, hebben *niet*-Amerikanen *nul* privacyrechten volgens genoemde FISA wet.
🔓 Knip
Dat https-verbindingen via Cloudflare niet E2EE zijn, blijkt uit onderstaand plaatje (dat vast méér mensen wel eens gezien hebben).
📜 Certificaten en foutmeldingen
Dat plaatje kan, zonder certificaatfoutmeldingen, ALLEEN bestaan als Cloudflare een geldig authenticerend website-certificaat (een soort paspoort) heeft voor, in dit geval, https://bleepingcomputer.com - en dat hébben ze. Voor MILJOENEN websites.
🛃 MitM
Cloudflare (maar ook anderen, zoals Fastly) zijn een MitM (Man in the Middle).
🤔 De tweede verbinding?
Uw browser heeft, grotendeels transparant, een E2EE-verbinding met een Cloudflare server. U heeft géén idee wat voor soort verbinding Cloudflare met de werkelijke website heeft (is dat überhaupt https, en een veilige variant daarvan? Wat doet Cloudflare als het certificaat van de website verlopen is? Etc).
👽 AitM
En zodra een MitM kwaadaardig wordt, noemen we het een AitM (A van Attacker of Adversary).
🗽 Trump
Als Trump Cloudflare opdraagt om geen diensten meer aan NL of EU te leveren, werkt hier HELEMAAL NIETS MEER en dondert onze economie als een kaartenhuis in elkaar.
🃏 DV-certs
Dat Cloudflare een website-certificaat voor bijvoorbeeld https://vvd.nl of https://cidi.nl heeft verkregen, zou vreemd moeten zijn. Dit is echter een peuleschil "dankzij" DV (Domain Validated) certificaten (het lievelingetje van Google) die het internet steeds onveiliger maken en waar ook onze overheid "voor gevallen is" (zie https://infosec.exchange/@ErikvanStraten/114032329847123742).
😱 Nepwebsites
Maar dit is nog niet alles: steeds meer criminele nepwebsites *verstoppen* zich achter Cloudflare, waar zijzelf (crimineel) geld aan verdient. Zie bijvoorbeeld https://security.nl/posting/876655 (of kijk eens in het "RELATIONS" tabblad van https://www.virustotal.com/gui/ip-address/188.114.96.0/relations en druk enkele keren op •••).
#Risico #Economie #Cloudflare #Fastly #CDN #AitM #MitM #FISASection702 #FISA #ThreeLetterAgencies #Trump #Sbowden #E2EE #InfoSec #VVD #PVV #CIDI #VT #VirusTotal #DVCerts #DV #OV #EV #QWAC #CyberCrime #NepWebsites #FakeWebsites
Edited 156d ago
![Avatar for Futuristic Robert [KJ5ELX] :donor:](/proxy/identity_icon/424654711410473250/0d01fec991.gif){kind=icon}
So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.
Let me put the important words in uppercase.
So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.
[Edit with H/T: https://benjojo.co.uk/u/benjojo/h/cR4dJWj3KZltPv3rqX]
https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/
Edited 132d ago
Recently I boosted a couple of links about cloudflare doing some sort of password re-use analysis on passwords they saw through their WAF. This was not a technical post. It was a call to attention. Some of the responses I got suggested that my post was misleading or blowing this way out of proportion. I assure you that neither of these are true.
Don't focus so much on the idea that #cloudflare has access to passwords that come through their systems. In better times I'd welcome such an effort. At least they didn't chastize someone who really loved a silly movie, like Netflix did long ago. Instead, focus on the fact that they are a company based in the United States meaning they are subject to the whim of a fascist regime that is proving it doesn't care about the letter of the law.
I'm not concerned about my password security for the sites that transit their service. I am a cishet middle class white male. I'm pretty low on the target list.
*** I AM concerned about the password security for at risk populations who access sites crucial for them, that transit through cloudflare. I'm concerned about the LGBTQIA+ population in the United States. I'm concerned about pregnant women. I'm concerned about Jews, and Muslims, and Bhuddists, and everyone else who doesn't fit into the narrow worldview of the fascist reich that is the republican party and their bootlickers. The FBI, Justice Department, State Department, etc no longer serve the american people. They serve an emperor. This is a time of great danger any website or service that attracts at risk populations should seriously consider if using some of cloudflare's features is worth it, or if they should take their business elsewhere.
#Fedify 1.6 is approaching with three major enhancements: RFC 9421 HTTP Message Signatures support with double-knocking for seamless backward compatibility, a new builder pattern for better code organization in large applications, and native #Cloudflare #Workers support for serverless deployments. These additions strengthen Fedify's standards compliance while expanding deployment flexibility across different environments. Stay tuned for the official release! 🚀
#ActivityPub #fedidev #fediverse #RFC9421 #CloudflareWorkers
Moment of Gratitude: CloudFlare
CloudFlare saved the Internet Archive servers from DDOS attack yesterday
The max rate of this DDOS attack was 525 Gbps (44.93 Mpps) of a "TCP flood."
The Internet Archive does not have enough bandwidth to fend off that kind of attack.
Thank you #cloudflare or we would have had a very bad Saturday at the @internetarchive
DDOS attacks are coming more frequently.
Edited 41d ago
【服务中断】XMSL HK 基础设施中断
开始时间:2025年6月18日 21:58:17
一次恢复时间:2025年6月18日 23:42:10
涉及服务:XMSL-Paste 和 XMSL-RPKI
不涉及任何 #DN42 内部服务,不涉及公网路由服务
接上游供应商通知,上游正遭受大规模 #DDoS 攻击,造成我们基础设施完全中断不可用。服务将在攻击结束后较短时间内恢复。目前站点由 #Cloudflare 缓存提供。
Edited 39d ago
🎬 Recorded #CloudFlare 🌩️ #Firing And #CEO Response..
🌩️ This sounds like a sales job. If it is it is FAR more brutal then any other department. It's basically broken down like this 1. If you miss your targets for a month/quarter whatever the sales cycle is, they examine it. 2. If you miss for two or more quarters consecutive they fire you.
* JOBS FOR ALL #GLOBALLY!
* #WORK_FROM_HOME
* BE YOUR #OWN_BOSS.
* #SIGN YOUR OWN #PAYCHECKS!
* WORK YOUR OWN #HOURS
* MAKE IN EXCESS OF 300K PER #MONTH NET! 🤑 💰 👍
* #UNLIMITED_OPPORTUNITIES 🤑
TastingTraffic Launching Soon! Jobs for all Worldwide.
🌩️ Youtube Comments:
🌩️ If a company lays off a team, but doesn't want to call it a layoff, that should be illegal. Especially for a publicly traded company.
🌩️ I've been on both sides. Fired by the algo/ai is true in most cases. I've seen great developers get fired because they were "underperforming": They delivered fewer points during sprints but worked on critical issues and bugs that affected clients ( many times, the effort was estimated wrongly ), while the highest performers were working on smaller, low-priority stuff and pilling numbers. I also happened to be fired after delivering piles of features and being praised by my manager at every single chance, just to find out I was fired the next week, without a word from anyone, probably for cost-savings, I'll never know.
🌩️ If you judge everything only by numbers, eventually everyone will give up on putting in effort and will start to work on the next shiny thing.
🌩️ Most places are not Netflix-ish, I dare to say that most software companies are true slaughterhouses, managed by those who believe 9 women can deliver a child in 1 month.
🌩️ Numbers without context are worth nothing.
🌩️ Happy to hop on the programming train: Also you're right. HR is never - ever for the people. Only for the company and would do anything to weasel out of explaining the reason for termination.
🌩️ I believe if they'd actually respond to her question they'd expose themselves to some nasty lawsuits.
🌩️ HR is always there to protect the company, never you. Always be wary of anyone from HR being in a meeting.
🌩️ I suspect it probably is layoffs but they're attempting to get out of paying any severance package, hence attributing it to "expectations" they claim that she wasn't able to meet.
🌩️ What corporations do, and this is true, is they have a list of “expectations” that are basically physically impossible for anyone to achieve, and they can use this to “legally” lay anyone off whenever they need to cut corners
💼 JOBS FOR ALL = UNLIMITED OPPORTUNITIES!
* JOBS FOR ALL #GLOBALLY!
* #WORK_FROM_HOME
* BE YOUR #OWN_BOSS.
* #SIGN YOUR OWN #PAYCHECKS!
* WORK YOUR OWN #HOURS
* MAKE IN EXCESS OF 300K PER #MONTH NET! 🤑 💰 👍
* #UNLIMITED_OPPORTUNITIES 🤑
DavidV: 25 YEARS 24/7 Experience:
* Software Architect (PhD) Supervisor -25 years 300K PMS (project management) hours
* EXPERT BLACK BOX TESTER (1999)
* Founder of WebTafficCops.com the 1ST Dedicated CLICK FRAUD ENGINE on the Planet (1999)
* Founder of SEO (Search Engine Optimization, (1999)
* Founder of RTB (Real Time Bidding (1999)
* Founder of HFT (High Frequency Trading 2001)
* Founder of the first Screen Recorder (Applets) on the Planet (2000)
* Founder of DEVSECOPS (2000)
* Founder and CREATOR OF #BULLETPROOF #cryptocurrency FULL PRIVATE NODES via WWW since 2016 and MERCHANT INTERGRATION.
* http://Withbrains.com/@wemoveeyeballs ® (HOT! HOT! DIGITAL TRAFFIC ALERTS! Traffic is King! >> Got Content?);
* https://TastingTraffic.net ® ( #International_Tech_News | Decentralized Social);
* http://JustBlameWayne.com ® (Just Blame Wayne & Post it | Decentralized Social);
* http://Davidv.TV ® (Big Faith | Christianity RAW 101 | Decentralized Social);
* https://withbrains.com/@davidv ® (Decentralized Social--Building Human Peripherals Since 1999)
TASTINGTRAFFIC_LLC are NOT affiliates of this provider or referenced images used. This is NOT an endorsement OR Sponsored (Paid) Promotion/Reshare.
🍷 🍾 #TASTINGTRAFFIC_LLC | The Largest (WWW) #DIGITAL_TRAFFIC PROVIDER in the WORLD since 1999.
🌐 WORLD WIDE BUSINESS HOURS?? 24/7 ;)
JOBS FOR ALL WORLDWIDE COMING SOON;!
http://Withbrains.com/@wemoveeyeballs ® (HOT! HOT! DIGITAL TRAFFIC ALERTS! Traffic is King! >> Got Content?);
https://TastingTraffic.net ® ( #International_Tech_News | Decentralized Social);
http://JustBlameWayne.com ® (Just Blame Wayne & Post it | Decentralized Social);
http://Davidv.TV ® (Big Faith | Christianity RAW 101 | Decentralized Social);
https://withbrains.com/@davidv ® (Decentralized Social--Building Human Peripherals Since 1999)
TASTINGTRAFFIC_LLC are NOT affiliates of this provider or referenced images used. This is NOT an endorsement OR Sponsored (Paid) Promotion/Reshare.
🚧 #WARNING! #Cloudflare: Pay Me $120,000k Or We #Shut #You #Down in 24 hrs..??
Rule of Thumb: These are 3rd party services (like 3rd party cookies) that have always been intended for #temporary_use ONLY = #convenience USE.
..And the #Price of #Convenience can be #COSTLY! 🤑
These systems were never intended for #long_term_use that allow SENSITIVE insights and capitalization of your Companies #TRADE_SECRETS VIA #DATA_COLLECTION 📈 #ANALYTICS??
TastingTraffic LLC: INVENTOR AND FOUNDER OF #SEO & #DEVSECOPS SINCE 1999.
Using THIRD PARTY CENTRALIZED PLATFORMS is the exact same as using 3RD PARTY COOKIES for Tracking and Tracing w/o Author Consent = #DATA_COLLECTION ON #STERIODS!
Keep your #DNS_PRIVATE! Create your Own #DNS #Nameservers TODAY!
How to Create #Private #Name_Servers in #Enom.com
(aka Enom -- An Actual #Registrar)
📛 DISCLAIMER: We Cover the 'Way' the #News is #COVERED_UP! 👿
WELCOME TO #DECENTRALIZED_GLOBALIZATION 🌐 #GLOBALIZATION is NOT Dead! It's just the Beginning!..
The NEW DIGITAL GLOBAL ORDER | NO NATIONALITY LEFT BEHIND | COMING SOON! 🌏 🌍 🌎
🔴 The #Next #Global_Superpower Isn't Who You #Think 🧠 WHO is TastingTraffic.com?
🧠 https://youtu.be/uiUPD-z9DTg
DavidV: 25 YEARS 24/7 Experience:
* Software Architect (PhD) Supervisor -25 years 300K PMS (project management) hours
* EXPERT BLACK BOX TESTER (1999)
* Founder of WebTafficCops.com the 1ST Dedicated CLICK FRAUD ENGINE on the Planet (1999)
* Founder of SEO (Search Engine Optimization, (1999)
* Founder of RTB (Real Time Bidding (1999)
* Founder of HFT (High Frequency Trading 2001)
* Founder of the first Screen Recorder (Applets) on the Planet (2000)
* Founder of DEVSECOPS (2000)
* Founder and CREATOR OF #BULLETPROOF #cryptocurrency FULL PRIVATE NODES via WWW since 2016 and MERCHANT INTEGRATION.
🍷 🍾 #TASTINGTRAFFIC_LLC | The Largest (WWW) #DIGITAL_TRAFFIC PROVIDER in the WORLD since 1999.
🌐 https://tastingtraffic.net/sitemap.xml
TASTINGTRAFFIC_LLC are NOT affiliates of this provider or referenced images used. This is NOT an endorsement OR Sponsored (Paid) Promotion/Reshare.
对 Relay 进行了一波升级,主要包含以下要点:
1. 前端生成器大大大大大大重构 —— 错误处理和日志记录完全重写
2. 为生成器引入了 nodeinfo 端点抓取失败自动顺序尝试其他可能的端点的功能 以应对前段时间提到的奇怪实例错误
3. 为生成器设置了一个 User-Agent 便于识别以及避免被 #Cloudflare 拦截
4. 前端页面添加了追踪器,我想看看 Magic SEO
-> FurCa Relay
---
We have upgraded our relay, which mainly includes the following key points:
1. The front-end generator has been significantly restructured — error handling and logging have been completely rewritten.
2. Introduced a feature for the generator to automatically attempt other possible endpoints in sequence when .well-known/nodeinfo endpoint retrieval fails, addressing the strange instance errors mentioned earlier
3. Set a User-Agent for the generator to facilitate identification and avoid being blocked by #Cloudflare
4. Added a tracker to the frontend page; I just want to see Magic SEO