I'm a product manager at Cloudflare. Thanks very much for posting this here.
This looks like a bug with our "Managed Challenge" security action that's causing the loop. This feature attempts to determine browser versus non-browser traffic and block non-browsers. The fact that the challenge is currently not working for Waterfox Classic and Pale Moon is not by intent, and we do not want to be in the business of saying one browser is more legitimate than another.
I see that the name of our Browser Integrity Check feature (which is not causing the block here) is drawing some attention. This is a feature that blocks malformed HTTP request headers, and user-agents commonly used by abusive bots (like user-agents with Java and Python in them). This is a pretty simple set of rules that also does not attempt to differentiate between browsers. Here's our KB article on the feature: https://support.cloudflare.com/hc/en-us/articles/200170086-U...
I'm sorry that this has caused a serious issue for quite a large number of users, and that we were not more reachable in our community forum. I'll provide a follow-up here when we have an update on the bug. Thank you again for taking the time to write this up!
I'm sorry if my post came off as accusing Cloudflare of malice, it was never my intention. I was rather worried about negligence on supporting these older codebases, and I'm relieved to hear Cloudflare is on top of this bug.
Hardware firewalls provide some protection against the kinds of threats XP faces. More to answer your question; I'm running the latest available versions of Windows 10. I sometimes use FF 56 for its consistency in behavior, XPI addon support (NoScript and uBlock still function), customizable UI, and for critical tasks (banking (affected by the Cloudflare problem)). I use FF 90+ for daily driving, and I despise it.
I am using firefox 52 , I can't upgrade to newer browser without upgrading the OS and the computer system. I can't afford to upgrade my system. I am totally not a bot and have been trying to visit a site getting stuck in the "checking your browser" loop, any chance Cloudflare can accomodate this older browser.
Don't know what you and your team did but the problem is resolved for me , I am able to visit the site that I got stuck at "checking your browser" loop previously. I thank anyone still support older browsers.
> we do not want to be in the business of saying one browser is more legitimate than another
This is essentially what you do by necessity when attempting to block bots through browser checks, as bots are just unmanned browsers. This is bound to keep happening, especially with regards to more obscure browsers few people report on.
This looks like a bug with our "Managed Challenge" security action that's causing the loop. This feature attempts to determine browser versus non-browser traffic and block non-browsers. The fact that the challenge is currently not working for Waterfox Classic and Pale Moon is not by intent, and we do not want to be in the business of saying one browser is more legitimate than another.
I see that the name of our Browser Integrity Check feature (which is not causing the block here) is drawing some attention. This is a feature that blocks malformed HTTP request headers, and user-agents commonly used by abusive bots (like user-agents with Java and Python in them). This is a pretty simple set of rules that also does not attempt to differentiate between browsers. Here's our KB article on the feature: https://support.cloudflare.com/hc/en-us/articles/200170086-U...
I'm sorry that this has caused a serious issue for quite a large number of users, and that we were not more reachable in our community forum. I'll provide a follow-up here when we have an update on the bug. Thank you again for taking the time to write this up!