Aug 10, 2023 19:00:00

A case is reported in which the site used for work became inaccessible due to the attention of Cloudflare

Cloudflare holds a very large share in various Internet-related services such as CDN and security, so once

individuals and small businesses are caught by Cloudflare, most of the Internet becomes unusable. you may encounter. Computational biologist James Hawley, who works for the Swiss pharmaceutical company Roche, wrote about his experience of being blocked from a site essential to his work due to Cloudflare's regulation for a trivial matter.

Blocked by Cloudflare
https://jrhawley.ca/2023/08/07/blocked-by-cloudflare

According to Hawley, when Internet users access a site that uses Cloudflare, the site will check the integrity of the visitor's browser. It has the ability to block access by bots, malicious threat actors, etc., but sometimes well-meaning visitors who shouldn't have any problems encounter a glitch known as a 'secure connection loop.'

When hit by this issue, users are stuck in a Cloudflare screen like the one below, forever watching the loading sign keep spinning.

Hawley also ran into Cloudflare's 'secure connection loop.' Hawley, who could not solve the problem by disabling browser extensions, switching to private browsing, or restarting the terminal, said during the investigation, ``If you are using Firefox, change about:config Find the page that says 'Disable

the privacy.resistFingerprinting option '.

When checking Firefox's settings, the function was already disabled, so Mr. Holly tried changing the value of 'false' to 'true'. Then, I was able to successfully access the site I wanted to browse, so the problem seemed to be solved.

However, Mr. Hawley faces an even bigger problem the next day. When Mr. Hawley accessed an internal site necessary for work, different from the site mentioned above, access was denied by Cloudflare.

Restoring Firefox's settings made no difference, and Mr. Holly, who was using a work terminal connected to his workplace's VPN, was unable to access the internal sites he needed to do his job.

Hawley believes Cloudflare tagged the visitor as a suspicious visitor, likely due to the initial 'secure connection loop' causing the browser to make multiple visits in a short period of time. After that, Mr. Holly blocked the fingerprint, so Cloudflare finally identified Mr. Holly as a villainous hacker and prevented him from even browsing the workplace site.

Fortunately, when I tried using Chrome instead of Firefox, Mr. Hawley was able to access the internal site. However, Mr. Hawley, who is forced to use Chrome, which does not have privacy features like Firefox, was annoyed by the advertisements displayed based on the fingerprints collected by Chrome.

Also, the fact that access is blocked in Firefox but not in Chrome means that Cloudflare blocks Mr. Holly based on the fingerprint of Mr. Holly's browser itself or the information that 'there is no fingerprint'. indicates that

About this experience, Mr. Hawley said, ``This experience is exactly the concern I had about the future of the web. The slightest deviation from expected behavior has blocked access to needed resources.The web has given more power to unaccountable corporations and less power to individuals. The future will inevitably lead to more situations like this.'