Our organization dropped trust of Cloudflare and all its IP address assignments a while back. We don't allow any data from their networks, CDNs, or A-DNS's to be received by our network.
It is just not worth dealing with Cloudflare at all in a business network.
That essentially means that you can't use any services that happen to be hosted behind Cloudflare, like OpenAI/ChatGPT, GitLab, HubSpot and Shopify. And anyone on WARP and about half of iCloud Private Relay requests won't make it to your services.
I suppose it strongly depends on your organisation, but I'm not seeing how this would be a realistic option unless you're very powerful or have a lot of cash to burn on non-core business processes.
Have you run into any issues yet with Cloudflare customers using their Gateway Zero Trust offerings that end up egressing with Cloudflare IPs? Or how do you plan on handling that as that business grows?
Apple Private Relay is also fronted by Cloudflare, or are you actually allowing large amounts of traffic from Cloudflare?
IANAL but a face-value evaluation of this policy seems unlikely to shield Cloudflare from either civil or criminal liability for illegal activity? I know the DMCA provides a certain degree of immunity to web hosts (regarding copyrighted content in particular) but after abuse is reported I believe there's a timeline where action must be taken or they lose their immunity, right? Does a similar law not exist for content that's already always illegal (such as hosting C&C servers for/distributing malware)?
> The advantage of this policy is that it makes life easy for Cloudflare, as they do not have to do any deep investigation or analysis of incidents, and notification flow can be largely automated. In this way, the cost of dealing with abuse is very low, benefiting the bottom line…
This seems like a variation of a fundamental attribution error.
It is just not worth dealing with Cloudflare at all in a business network.