Hacker News new | past | comments | ask | show | jobs | submit login

This is even worse for RSS. Website admin enables Cloudflare for DDoS protection, and RSS clients start getting errors, because they cannot prove their humanity. Would be great if some workaround would be built into Cloudflare, as contacting website admin probably won't do any good.



This is, in fact, a problematic case. RSS is expected to be consumed by other applications and bots. To make things worse, it might not be immediately obvious to the site owner when CF is interfering with the access to his content.


Website admin can solve this and still have protection by enabling caching of the rss feed, using a transform rule to drop all fields that could mess with the cache key, and then reducing the security level for that url. The cache works fine as a DDoS defense aswell as long as you don't let people mess with the key.


Same with API access. I had to change curl's user agent to chrome in order to use some API service that hosted behind cloudflare reliably.


That changing the user agent string helps just shows how absurd these checks are.


I've had this happen to me. I ended up configuring a proxy feed in Feedburner.


so you gave up more control of your content because Cloudflare's a belligerent actor :(

depressing you got stuck in such a mess




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: