Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "cloudflare"
Today, I learned the shortest command which will determine if a ping from your machine can reach the Internet:
This parses as 220.127.116.11, which thanks to Cloudflare, is now the IP address of an Internet-facing machine which responds to ICMP pings.
Oh, you can also use this trick to parse 10.0.0.x from `10.x` or 127.0.0.1 from `127.1`. It's just like IPv6's :: notation, except less explicit.11
Google: The SHA-1 collision is the biggest news today
Cloudflare: Hold my beer
AWS: Call me your daddy3
"Oh, he is asking that much money for this website? I will create that for only $250 with WordPress. He is just trying to use you"
You fucking wanker. What you don't understand is that you are pushing the companies to a fucking black hole that they won't be able to recover from.
He shows an example of a website which takes 30 sec to load. It's full of hundreds of dreadful plugins. He chose the shittiest stock pictures to make it look "pretty".
When I point out his fucking shite website takes this long to load, he says if the company wants to make the website fast, they will need buy the premium plan of CloudFlare. WHAT THE FUCK are you even talking about?
Not only that, the example website, doesn't even have any SSL. He is saying that the other company didn't want to pay for the SSL. Ever heard of fucking StartSSL or LetsEncrypt?
It's people like you who is responsible for making half of the web an insecure, slow, low-performance space which is prone to hacking.
WordPress was made for blogging. KEEP IT THAT WAY. Stop trying to make your high-performance CMS or eCommerce website with this shite.16
Google: this sha-1 collision is really gonna fuck up the internet more than anything else today
Cloudflare: hold my beer
I get a call: "Hey the site is down. Fix it!"
Worked on my workstation, not on my phone => DNS issue.
Local cache: "All OK"
ISP's DNS: "No record"
Google DNS: "Server error"
MXToolbox: "All OK"
CloudFlare DNS: "Domain? What domain?"
After a day of fucking around with configs and wanting to strangle the customer support guy, I just started pressing buttons, until suddenly, it worked. Turns out I'd accidentally enabled DNSSEC on a domain, that wasn't configured for it.
Lesson learned: There is no official DNS error code for "DNSSEC failed somewhere upstream". If you're lucky, you might get something useful out of the authoritative server, but apparently not on Mondays.8
So apparently two "senior" "laravel-engineers" spent a total billed 35 hours trying to figure out a "critical bug" which "doesn't happen locally".
I went to the dev-console, saw it is generating http urls (fronted by cloudflare https, running on http server-side) and fixed that in maybe ~15 minutes, fucking morons.10
Weekend so far:
Chrome Update FUCKED UP my website.
Tried to update my server to Ubuntu 16.04. That FUCKED UP in the middle and I didn't have any recent backup.
Went back to old backup. But didn't see any changes in the website. Was wondering that for 1 hour.
Forgot that my website was using cloudflare caching. In the meantime I have changed my DNS settings.
Out of frustration removed website from cloudflare. That FUCKED UP the DNS further.
Now I have no idea how long it will take the DNS to update.
FUCKING F M L8
"Hmm, I wonder if Cloudflare has a limit to the amount of data I can store in the CDN"
*Uploads a shitton of crap to a Nextcloud server and caches everything via cloudflare*
So far - 300GB stored.5
Found this on mastodon:
I sometimes imagine that somewhere there must be a Ministry for Messing Up the Internet. It would be like a Monty Python sketch.
Each day a new idea would arrive in the intray of an official who looks like a young John Cleese. They would form a large pile of papers.
[reads] "Make a protocol so complicated that nobody can understand it. No the Sematic Web has already been tried".
[reads] "Ban all the cat photos for spurious copyright reasons. No, we already have an upload filter in progress to do that".
[reads] "Fill Tim Berners-Lee's socks with elephants. No - much too silly."
"Ah yes, [reads] make a giant man in the middle that everything on the internet has to go through like a sausage machine and get squirted out on the other side, hopefully in the correct order. Bernard, get Cloudflare on the phone immediately."
Sometimes the design decisions of big companies amazes me.
I wanted to contact support of Cloudflare. The only way to submit a new support query is by logging into the account first.
My problem is that I can not log into my account. What a bunch of retards.6
The company I work for (very big IT consultancy) has made the absolutely genius decision to put a block on the corporate proxy for GitHub. GITHUB. Because no fucking software developer ever needs to visit there. Their reason? "We don't want people publishing our intellectual property". Mate, I can fucking guarantee you that if unscrupulous bastards want to publish code against our T&C's, they will do so. Why make every body else's job harder and block it?!
But the best bit, you can submit a request (that is accepted without question) to get yourself an exemption. WHY THE FUCKING FUCK HAVE THE BLOCK IN THE FIRST PLACE THEN
Apple was founded and gmail was launched on 1st of April. Now to the list,
Cloudflare launches https://18.104.22.168 on April 1st.3
Cloudflare listed as an advertising company, so much for your privacy.
MAINTENANCE OF STACKOVERFLOW PLANNED
SHARE TO YOUR NEAREST DEV FRIENDS
Stackoverflow and its relative partners will be closed for two days due to maintenance, new design, and moving server infrastructure from United States to 1km below the Switzerland Alps for extra layers of security. This decision was made by the recent CloudFlare data leak.
Now our servers will be able to handle data leaks because even though the data was leaked, it will fill the empty places in the rocks resulting inaccessible from attackers.
Stackoverflow and its relative partners' maintenance estimated time is February 29 - 30. We will try to finish as fast as possible and bring you guys the best experience. If the maintenance delayes, we will tweet via @StackStatus or post details in our status blog.
Thank you for your support and have a happy day.
Stack Exchange team7
DECLARING CLOUDFLARE WEEK
DISCLAIMER : THZ CLOUDBLEED
Hey guys remember when gitlab was something blah blah? Now lets talk about cloudflare for a week!10
Had a configure issue on a site running through CloudFlare hosted at WPEngine. Support on chat guy says "can I take a look at your setup" so I screenshot him! He says they're are new ways to point to WPEngine whilst using SSL so I say OK and he points me to a support article which seems accurate. He then says now I want you to change two records so I say ok (not thinking) which I do (stupidly)
Result site no longer reachable.
What do I do now? He says very seriously "you need to wait 24-48 hours for the DNS to propogate"
"Your joking it's a huge site with 20k visitors per day with advertisers on it"
"I'm sorry there is nothing I can do until the DNS YOU changed has propagated"
"I changed?" "Yes you changed the CloudFlare settings"
"You told me to!"
"Is there anything else I can help you with?"7
<link rel="stylesheet" src="main.css" />
<h1> Don't mind me, just taking my buffers for a walk</h1>
The new company to hate is cloudflare. If someone uses them all your https traffic is visible to cloudflare and there is no other way to use that website, and they’re taking over like crazy.14
I have a suggestion for you,
Please set up an Unbound resolver so people does not have to depend on big actors like Google, Cloudflare or quad9.15
*Writes Voting platform*
*Uses ips to stop duplicate voting*
*Notices how lots of the IPS are similar*
Oh shit. Cloudflare HTTP proxy...
I provide hosting for my clients. About 3 months ago I discovered that the hosting company that I'd been using had been swallowed up by EIG, which explained why the tech support had gone downhill.
So, I jumped to another hosting company. Same shit different company!
Apparently the fact that my browsers sit at "connecting" for up to 30 seconds, and I get a "could not connect to" message half the time while I'm trying to fucking work on a deadline is the fault of some plug-in in a WordPress installation!
Oh yeah? Why then does this shit happen when I'm working on a pure html/css site?
Why then did it start happening after they "updated" my shared server?!
Oh, but the bastards suggest that I buy Cloudflare or pay for more space!
You fuckers made my work take 3 times as long, and you made an important migration fail!
Network places make mistakes. We all do. That's cool. Fucking own up to it, talk to me like a techie, and DON'T TRY TO BLAME IT ON ME OR MY TOOLS!
Fuck you! I think I'm gonna give Google Cloud a try, and do this shit myself!7
When your websites start returning 502 errors all of a sudden and you can't figure out why. Clear PHP artisan cache, restart Nginx, make sure PHP-FPM is running. Still 502 errors. Then you find out Cloudflare is down. 😐😐😐
This was me last night.3
Fucking non technical managers and their shitty clients to whom they suck their tiny weiners need to realise that I cannot reorder elements every 10 minutes to the shape of their fart comming out of their ass, test it, deploy it, trigger webhook, clear cloudflare cache, and meanwhile be sure that it's written in quality manner for future upkeep with commits that have sense.Hope deadline driven development dies in hell where it belongs
This is fucking rediculous.
A client wanted me to make them a image download resistant galary.
They said they had seen some other site that is "impossible" to download pictures from. This just is not true, they were overlaying transparent images over the images.
Two days after I do that, set up everything on their server, and disable hotlinking in their CloudFlare, without being contacted at all, I've received a not-as-described PayPal dispute.
They said someone downloaded their picture and that I said it would be impossible.
How is this possible? The fuck PayPal? I'm going to lose this damn dispute which was gonna pay half of my rent.12
Just came across a video telling how cloudflare fetches real random data for their generators: Lava lamps, radio active properties and a chaotic pendulum
What my twitter looks like after Cloudflare decides to randomly close all my websocket connections from my free Discord bot, leaving it to die from arbitrary rate limits.
me: *hosting docker registry for our team*
me: *sets up ssl and cloudflare dns and shit*
me: *tries to push to registry*
my pc: *413 rEQuEst EnTITy tOo LarGe*
me: *spends 4 hours scrutinizing the shit out of my nginx configs*
me: *finally finds cloudflare sitting there rejecting all of the requests... that cheeky bastard*
I've seen some rants about people complaining about websites using the 'www' subdomain, so I'd like to take this opportunity to try to explain my opinion about why sites might use it.
I use to feel the same way about not having the www subdomain. It felt like an outdated standard that serves no purpose. But I have changed my option...
Sometimes certain servers have other services running other than just the website, such as ssh, ftp, sql, etc., running on different ports. What if you want to use a web proxy and caching service similar to cloudflare or a cdn? We'll you can't, because they won't allow traffic to flow through to your other ports.
That's where the www subdomain comes in. Enable your caching and cdn on your www subdomain, and slap a 301 redirect from your primary domain on port 80 or 443 to the www subdomain. This still allows you to access your other services via the domain name while still gaining the benefits of using a cdn.
Now I know you could use an 'ftp' subdomain or the like, but to each their own in that regard.7
How can I use a custom DNS server on my schools network?
They seem to block any DNS that isn't their own. I've tried 22.214.171.124 and the new cloudflare one. Both blocked, it's a real issue because their default dns dies for about a minute every 12/24 hrs causing my VPN to go down.
How do they even block external DNS servers?5
Cheapskate's website deployment stack for new projects:
namecheap ($10 domain) + heroku (free hosting) + mailgun (free email) + Cloudflare (free SSL) = $10/year3
EVERY FUCKING TIME I HAVE TO ASK FOR SOME DNS CONFIGURATION OTHER THAN A SINGLE "A" RECORD THE TI HEAD MANAGES TO FUCK UP...
WHAT THE FUCK IS SO HARD DUDE???
FUCKINGSUBDOMAIN > FUCKING.ALIAS.COM
THIS TIME OUR FUCKING PROVIDER CANT MANAGE ROOT DOMAIN CNAMES SO WHAT DID HE DO?
SIMPLE SAID "ALL DONE" AND ONE WEEK LATTER PEOPLE ARE COMPLAINING BECAUSE THE FUCKING ROOT DOMAIN ISN'T WORKING...
COME ON DUDE, JUST KILL YOURSELF.
AND FOR THE FUCKING MILLIONTH TIME: DOMAIN REGISTAR AND DOMAIN MANAGER ARE TWO SEPARATE FUCKING THINGS! YOU CAN REGISTER YOUR FUCKING DOMAIN ON GODADDY AND MANAGE IT ON FUCKING CLOUDFLARE BY CONFIGURING THE FUCKING DNS SERVERS5
I moved my website to aws and I managed to use cloudflare, load balancer (to skip around route53), ec2 and RDS with no programming skills. Starting to enjoy this :D
How do you counter DOS attack? I have one online service where an idiot just calls curl command to one endpoint.
Although my service is working and server performance is not affected, I found it annoying.
Cloudflare could be a solution, the reason I did not use before is user might have to wait a few seconds before seeing the app, but if no choice then.18
For all the privacy focused people out there, Cloudflare and APnic announced (about 2 days ago) that they created a privacy-first super fast dns server (126.96.36.199 and 188.8.131.52)
I already ranted about this particular designer and his need to mess with the client's server configurations.
Last time he thought it would be a good idea to use cloudflare for the 1 visitor per day website. And because he missed adding some important subdomains, the admin and register page didn't work. And oc the client called me in the night and during work because I destroyed her system.
And the worst is that this designer tries to redesign everything for 3 years. Every time he sends me new stuff, something is missing. Then I write him, that xyz is missing and he doesn't respond for months. Then the client calls me, why I still didn't finish the redesign and I have to discuss with her about the designer missed something. Then the designer writes the next time, that he will send me new stuff because the design will change again.
Oh, and I already wrote, that the designer is the client's boyfriend, so he probably sits beside her when I have to defend myself about not being able to finish the redesign.1
PSA Cloudflare had a bug in there system where they were dumping random pieces of memory in the body of HTML responses, things like passwords, API tokens, personal information, chats, hotel bookings, in plain text, unencrypted. Once discovered they were able to fix it pretty quickly, but it could have been out in the wild as early as September of last year. The major issue with this is that many of those results were cached by search engines. The bug itself was discovered when people found this stuff on the google search results page.
It's not quite end of the world, but it's much worse than Heartbleed.
Now excuse me this weekend as I have to go change all of my passwords.3
Some interesting reads I came across yesterday:
- Github got DDOSd with 1.35Tbps via memcached
- Troy Hunt, the creator of https://haveibeenpwned.com/ released "Pwned Passwords" V2 and talks about his partnership with cloudflare, how he handles traffic, why he chose SHA1 for the passwords, how he together with a cloudflare engineer thought of a solution to anonymize password checks and more
Why does noone implement autoupdater, especialy on linux side? Is there a reason i dont get? Sure, most system stuff is better in apt, but if i install servers, i do not want to wait for these stupid linux release timings! If it were hard, id understand. But most of this is possible with something like GitHub API and 20 Minutes of time. I mean, yeah backwards compatibility and what not, but then handle that internaly.
Example: I use dnsmasq on a raspberry pi. RPI is running raspbian. Raspian is debian 8. Debian 8 has a version of dnsmasq with a pretty annoying bug, which prevents me from using dnssec, as i cant open any cloudflare pages. Why, o why isnt this updated at MY will? Then, if it isnt, why is it so impossible hard to compile this myself, no docs for that, no binaries, NOTHING? Dear server devs, please add atleast basic autoupdate functionality without having to rely on the base os.
Or, give me easily deployable binaries, if you cant write something integrated.12
Finally something good in the name of Privacy. I hope this is NOT a joke !!!
Should cloudflare have taken down their servers to protect their clients? Which is worse, the leak live or the downtime?1
So a client came today to me saying his domain that I setup some time ago isn't working on a specific russian internet provider, checked everything and then came across a blogpost stating cloudflare IPs are blocked. Researched further and it came out that those fucking retards from the "Federal Tax Service of the Russian" blocked a ton of cloudflare IPs because russian online casinos used them like a year ago.
Then checked another domain he had a problem with and the godaddy IPs were also banned - even more extreme they were banned for like 14 incidents, what the fuck, had to create a new account to get a new ip/nameservers assigned from cloudflare, jesus fucking christ.1
Fuck the NBN - you aussies will know!
So apparently Fixed IPs are not a thing for HFC connections unless you have a business account.
Are you fucking kidding me?
Although I didn’t pay for a fixed ip on adsl and it states it’s “dynamic”, mind you it hasn’t changed in 6 years... so it may aswell be fixed right? Right?
Now I have to go explore DDNS with Cloudflare, looks like a api call on ip change will do the trick but urgh.
Ps: I finally.... made it to the nbn - well that’s next week...
only 3 years overdue since my first “NBN ready” letter 😂6
Damn you OVH... You and your goddamn deals again... Now I ended up buying 2 domains for a project again. We all know I'll leave the domain in my cloudflare "keychain" without using it until it expires, because I'll find a fancier and more fun project 😅
I'm at 12 domains right now... I think I might be addicted 🤔
Btw, theres a sick deal going on over at OVH, .com is only 1,20€... Better get your project domain which you'll probably never use again now 😂4
I'm currently making a bash CloudFlare manager(for now it just supports adding "A" records), do you think it is worth the effort I'm putting in it?
GitHub URL if you're interested: https://github.com/BlackOutBG/...
(Also I accept constructive criticism)3
Thank you Cloudflare for replacing my MX records with A's, so that I now don't have a working mailserver, but also subdomains linked to my 404 page! Cloudflare you are great, where can I terminate the contract? When I import the confirguration in my friend's nameservers, it works. When I import it in my domain registrars nameservers, it works. When I import it in the cloudflare's nameservers, everything fucks up and it makes freaking subdomains. And that bullshit even displays MX records on their DNS dashboard! FUUUUCK
Does anybody knows if letsencrypt SSL works with Cloudflare or not?
Because I'm unable to use letsencrypt SSL while using free version of Cloudflare :(5
Cloudflare cached a dynamic page, only because the url ends with a get parameter "&doc=file.docx".1
On holiday with parents and gf...
Wifi here forces you to use their DNS (using Google's or Cloudflare or any other DNS is blocked)...
Can't use my OpenVPN either...
How do I make my blog https? I have a blog using Jekyll and GitHub pages. I have a custom domain so I tried cloudflare free SSL plan - destroyed my DNS records. Haha. Any good post for me to follow and get that green padlock?8
Anyone knows of a good MX (email service)?
I recently protected my webhosting with cloudflare, now just looking for a separate mx server because the current one is exposing my website's real IP14
Talk about giving me a headache..
Mmh k, so i want to move my current domain to cloudflare.
Go to current provider, their site report a previous provider has the record but that provider says they have nothing left.
Contact current provider and they tell me to contact cloudflare, cloudflare tells me to resolve that issue with my previous provider....
Starting to feel like just dropping it and getting a new ...
I just want to say,
wow the Cloudflare API is awesome.
In less then an hour (from a blank file - to automation and tested) I was able to setup a DDNS task that basically just pulls my public ip (see https://devrant.com/rants/2050450/... for details) comparing it to the current DNS records for and update them if anything has changed in the past 30 minutes.
So kudos to these guys letting me in next to no time having a simple yet elegant way of dealing with my missing static ip.
Why can’t all APis be this simple?2
We all make mistakes and cloudflare is a pretty clear example of that where they used == instead of >=
Any advice for debugging a 520 error from Cloudflare?
I know this isn’t SO but Ive been having the toughest time finding a decent way to find the cause of a 520 error from Cloudflare.
I have a droplet of Digital Ocean running Apache 2.4X and randomly throughout the day I will get 520 errors in the browser’s Networking log.
Naturally, there’s nothing even noted in the Apache error log or access log. And Cloudflare has no logs on this in the console.
If I retry the request it will go through with no problem.
Anyone experienced something like this?9