Reply to post: Re: Fsck Cloudflair

Fsck Cloudflair

Marco Fontani

Re: Fsck Cloudflair

There also seems to be an assumption the tor=bad guy

Nope, if that was the case we'd have simply banned known tor exit nodes IPs, or 403'ed known tor user-agents (or both).

That doesn't mean that a lot of hurt can't come from tor connections, though!

So, forcing traffic from known-possibly-bad locations to answer a captcha in order to progress through is a kind of "acceptable middle ground" between "yup, go ahead, possible robotic connection with possibly malicious intentions" and "fuck off, tor user".

If your tor browser clears cookies every time you close it, and you tend to close it ten times per day… well, each time your browser will seem to Cloudflare to be a "new" one, and you'll have to answer the captcha.

Crudflair suggest that the targets of this hassle and levels of hassle are under the control of the customer

Yes, that's right.

The "security level" on cloudflare has been set to "medium" six months ago. As such, connections with a "threat level" > 14 are shown a captcha. A "threat level" of 10 is considered "high" by Cloudflare - so we're doing quite right in only blocking > 14.

Even with that security level system in place there's still a lot of shit traffic that goes through, though, so it's unlikely we'll want to lower it anytime soon.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020