Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Cloudflare marking all traffic from Pakistan as threat
30 points by hu_me on July 9, 2012 | hide | past | web | favorite | 10 comments
whenever I click through to a site managed through cloudflare I end up seeing a screen asking me to identify myself. This has happened often enough especially with HN articles that I just close some articles outright and read the discussion on HN instead.

As an experiment I setup cloudflare for website of mine which gets majority of its traffic from Pakistan (where I am located). This is what I see https://dl.dropbox.com/u/8037186/cloudflare.png

It basically shows cloudflare marking 100% of traffic from Pakistan as known threats.

I would be interested to find out if its a common problem facing users from this region / other developing countries?

We commonly have shared ips in Pakistan could this cause cloudflare false positives?

Any suggestions for avoiding the captcha?

The situation is even worse. This is mine: http://img14.imageshack.us/img14/5352/screenkkw.png

As you can see Germany is completely blocked (I've set all the protections to off/minimum), China is the same (this could be understable). But the really main problem in my experience is that it blocked all the traffics from Italian connections too from Fastweb, which is a provider that NAT his network, so many people have the same IP, the problem is that Cloudflare has few of their IP blocked, so all that users will see the captcha page. I've solved adding the whole country in the permit list. I've notified few times to the support email but the problem still there (and I guess with other providers, I noticed that one because I was a Fastweb user)

p.s. today, as many others, I'm also getting many 502 bad gateway errors on connection.... that's really bad :(

Just accessed http://www.founderly.com/ (cloudflare CDN'ed) and it works from here in Dhaka, Bangladesh via the Qubee Wimax.

this one opens for me as well. Maybe this has to do with Security settings on the domain?

Add US to the list that cloud flare completely blocks:


Have you tried contacting anyone at CloudFlare about this?

When I was in South America I got this quite a lot too, especially when on 3g phone networks. Quite annoying.

Mirror on imgur, the dropbox one won't last long:


The same happens in India (on BSNL.)

CloudFlare does this to a lot of countries. Once I found out it was doing this, I disabled all their threat protection for my sites since they don't seem to provide a way to configure it directly and they seem to be doing it on purpose.

Anyone putting CloudFlare in front of their site should really disable the threat protection entirely. It's a shame that the CF team doesn't do anything to inform you about this problem or how to mitigate it.

thats exactly what I did. though I really like cf and its attempt at making domain management a bit more 2.0. they havent nailed threat protection yet.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact