I read the terms before signing up with cloudflare for any of my sites, and it was quite clear it's not meant to be used as an image proxy
> 2.8 Limitation on Serving Non-HTML Content
> The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.
Break the terms of service, get mad and write a blog post. It's not even hidden in some legalese; they tell you not to serve majority image/video content _everywhere_ in the UI.
All my tunnels are still running great, for free. I could not be happier.
this assessment is reasonable, but not productive.
- Read your terms of service, contractual responsibility and liability for all services. as a leader, youre authoritative and liable for shareholder and corporate risk.
- What you do after the fact is just as important --if not more-- than what you didnt do before. Channel this outrage into action, identify the problem, and countermeasure it to ensure future success.
- Risk is an isotope, do not concentrate it all into one single provider/platform/service or its criticality will prove a detriment to your business. You can mitigate it, accept it, or delegate it, but it cannot be ignored.
- if the product is for free, its likely the roles are reversed. re-evaluate your needs and understand whether youre a consumer, or a product and if this shift in roles aligns appropriately with risk and compliance in your industry. Do not assume the coffee is free.
This is a problem of CloudFlare's own making. They provided a lot of services for "free" to gain scale and market share. Now they are a public company, and things are changing. A pro plan does not give you unlimited CDN data transfer, but I've heard from people enough times, "Just do it on Cloudflare for free", and that perception is CloudFlare's making. When you get to the Enterprise tier, CloudFlare works just like a traditional CDN in terms of metered usage and billing.
* I've been using various CDN's since the 90's, and I'm currently a Cloudflare Enterprise customer. However, Cloudflare, not without its faults, is still the best option out there.
So how much bandwidth were you using, and what proportion of it was images? Like, is it a obviously cut and dry case or is there actually some ambiguity?
(There's some very good reasons to leave terms a bit vague rather than specified exactly, but then you probably wouldn't expect enforcement in cases that are ambiguous.)
The thing that scary me most is that his business get shut down without any notice period (at least the author not mentioning any previous communications from Cloudflare team about the issue).
This is really a shitty thing from Cloudflare, you cannot shut down an already running business without any notice/grace period.
If you break any companies ToS they have the right to terminate your service at any time, unannounced. If you break Facebooks ToS, do they email you with a headsup warning? No, they would just ban you instantly.
This post would have much more credibility if the use-case that triggered the ban was described:
"all my subdomains that operate as image proxies are banned"
That sounds anywhere from perfectly reasonable to completely shady. Writing a post like this and not providing any additional detail on what you were actually doing to trigger the ToS boot leads me (for one) to believe elaboration on your use case would harm your argument, any sympathizing, etc.
From what I've seen before in many cases Cloudflare uses the "non-html content is disproportionate to html content" ToS clause as a catch-all to boot customers they don't like for one reason or another, are wildly "expensive" from a bandwidth standpoint, etc. As many have pointed out here on HN it doesn't even really fundamentally make sense and most websites, by nature, are going to consume more bandwidth with JS/SVG/PNG/etc vs HTML.
They should just be upfront... "If your service uses a disproportionately large amount of any of our resources for the amount of revenue it generates, we will ask you to either pay extra or leave. We'll try to give you a notice period to leave, but in extreme cases the period will be very short or none at all".
Then the TOS should give examples of common things that trigger use of this policy, for example running an image/video host.
I'd like them to commit to always offering a monetary amount which would satisfy them. Often in business, a migration is a slow and painful process, so simply paying 10c/GB to serve video/images might be preferable.
> The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.
The only thing I keep using from cloudflare is their DNS service.
I know this is not related to the post, but I tried to use workers for a few times, specifically the Cron workers. However it never worked as it should. My Cron was never triggered. And then, when I contacted their support throught the community, theirs mods seemed to basically don't care that Cron workers don't work. I tried and did everything the support mods said to me but nothing worked.
And then, they just stopped answering me.
And more, it wasn't just me. A bunch of people were having the same trouble with Cron workers.
Their support is really trash. There's a lot of "go to the forums", and you go there and get ignored.
We had issues with ZeroTrust and could get literally ZeroHelp. We were told the ZeroTrust team doesn't monitor the forums (which were where we were told by support to go for help, lol).
There are better CDNs for image proxies, Stackpath is way nicer than Cloudflare for image hosting and cheap. Plus you don’t have to let them MitM your pages and endpoints.
Stackpath is an excellent alternative. I use stackpath (moved from incapsula after they got bought out) though I still use cloudflare for some areas. Stackpath support is much better than cloudflare in that I can always contact someone and get a response quickly even over live chat so for support stack path wins - really both tend to just work. I prefer stackpath waf over cloudflare. Only network issues I found is there were issues accessing from China which newer not issues on cloudflare. Pricing for cloudflare is flat which for the business and pro plans, and I really like flat fees instead of usage based . where stackpath varies each month based on usage.
I feel amazon cloudfront is a much better option for an image proxy. Takes less than a minute to setup, offers automatic ssl and dozens of caching endpoints. Also super easy to automate with AWS cli. Even optimizes for streaming videos. I have never had any issues with them.
You can check the AWS calculator to figure out the pricing based on your average bandwidth. Depending on your use case you may be paying less than a Cloudflare pro account.
> We use Imageboss for all our image manipulation needs. During our migration out of cloudflare we had some difficulties with their service. I reached out to them and within an hour they helped us go through this migration and really saved the day for us. A really huge "thank you" to Igor for treating use with professionalism.
Ironically, weren’t these difficulties due to Imageboss being itself blocked by Cloudflare? [1].
Although it is not clear from the blog post, I think what the author did, was to use an old technique for blogs, where you would serve images under many different subdomains. You did this in order to force the web browsers to deeply parallelize the requests, as browsers used to limit to around 4 concurrent requests per domain IIRC. This was pre-HTTP2/QUIC era, and it made a huge difference, as a website could have tens or hundreds of requests per page.
There were even specialized wordpress plugins to take care of this. You just assigned multiple subdomains to your website and the plugin would round-robin the subdomain each image would come from.
If this is indeed the case, then we are in a gray area, where he did and did not violate cloudflare's rules at the same time.
I don't think it's that. OP seems to have a CMS (LucentCMS) and some sites using it (eg: kritikos-sm.gr) load images from a sub domain (eg: images.lucentcms.com).
While the CMS website receive normal visits and serves HTML content, for Cloudflare it's being used mostly to serve images, breaking their ToS. If the customer website was behind Cloudflare and they used their own (sub)domain to serve images they'd probably be fine because that domain would be serving a healthy mix of HTML and media content.
I think both OP and Cloudflare are in the wrong here. OP was using the wrong product for this and Cloudflare didn't give him time to fix the problem, losing a customer in the process.
We're quite interested in a related case here of byte-addressable CDN caching of data table reads for web-scale publishing. So right in that gray area of web publishing. Imagine something like an infinite on-demand parquet table scrolling UI on the NYT website. S3 supports this quite cleanly for internal use, but not for web publishing, where a CDN is needed for the typical hot reads.
So the question is which CDN would make sense for fronting that, both technically and, as seen here, wrt ToS. If not cloudflare... who?
---
(Also, if you're into building such experiences, we're looking for a platform engineering owner to help build out our global gpu network!)
There are several such cases discussed in the Cloudflare forums. It usually turns out that the webmaster was serving very large amounts of media, which no one should expect to be free.
This is something that always concerns me when I start a new project. I often want to handle as much internally as possible to avoid situations like this one, but large services often make things much easier in comparison (until they pull something and you're stuck doing the work anyway). I really should start tracking how much time I actually lose to things like this so I can do a proper analysis.
You can get away with using a few TBs/month on the free plan if you also serve a healthy share of html content (static or dynamic). For example, a normal blog where images are part of the content will be fine.
Disclaimer: I am neither pro-Cloudflare nor anti-Cloudflare...
To me, it seems that Cloudflare is just another additional abstraction layer / proxy -- between web sites / web apps / SAAS providers -- and the Internet.
There might be benefits from such an arrangement -- such as Cloudflare's ability to block DDoS attacks...
But there also might be drawbacks from such an arrangement -- such as what do if Cloudflare for whatever reason -- blocks/bans/or otherwise limits you?
Opinion: A good website / web app / SAAS -- would be as distributed as possible -- that is, it would use the Internet natively AND it would Cloudflare AND it would use N Cloudflare competitors/proxy services -- ideally all of them -- at the same time!
In other words -- let the user choose their own route to a provider!
Do you want to use Cloudflare?
Great, we have that!
Do you want to use the Internet natively?
Great, we have that!
Do you want to use a competitor to Cloudflare?
Great -- we have that too!
If it is technically impossible to do that with one domain -- then mirror your site/service/SAAS -- to multiple domains.
Let the user decide what they want...
Incidentally, towards that end, I found the following excellent list on GitHub:
Now that they have their own image solution they are using all the tricks they can to blow competition. Not giving notice is really bellow the belt on my opinion. That is not how you treat your customers.
Uh, can't cloudflare just choose not to cache images beyond a certain bandwidth limit if they want to? Why throw the customer off the service completely?
You're still accessing the file via their network, so for them it's probably cheaper to actually cache the file so they don't have to hit the origin server every time a request comes in.
"mitm" strongly implies Cloudflare is somehow unauthorized, like they're slipping in and hijacking the connection.
I know why Cloudflare detractors use this type of intentionally misleading language, but can we maybe say something like "worlds largest _proxy_" that is more accurate?
These are the nightmare stories for me. So much of the internet depends on these worldwide CDNs that people are bullied into using by DDoS attackers, which, in turn, allows these companies to have a chokehold.
Cloudflare is a "global network built for the cloud" that.... doesn't allow images? Really?
They have partnerships with Backblaze and Wasabi, object storage providers, but wont allow images to be served over their CDN? Really?
They have their own object storage solu--- ohhhhhhh
Even before r2 they didn't allow sites like image hosting or video hosting.
The point of Cloudflare is that hosting your website for free is a service, and you "pay" for that service in strengthening their network; from their S-1[0]:
> Free customers are an important part of our business. .. Our free customers create scale, serve as efficient brand marketing, and help us attract developers, customers, and potential employees.... In addition, the added scale and diversity of this traffic makes us valuable to a diverse set of global ISPs, improving the breadth and economic terms of our interconnections, bandwidth costs, and co-location expenses.
Your theoretical cost as a free customer is outweighed by the positive effects of protecting over 10% of websites on the internet, largely for free. Now, if you run a free video site proxying all your multimedia stream segments to serve pirated movies, or create a site dedicated to user image uploads and quickly balloon to serving hundreds of terabytes a day at the expense of Cloudflare, your value to the network is trumped by how much you're actively costing them in uplink costs and risk exposure.
furyofantares|3 years ago
> 2.8 Limitation on Serving Non-HTML Content
> The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.
kayodelycaon|3 years ago
So it’s not like they don’t allow it at all. You just need to pay for it.
qwertyforce|3 years ago
pkulak|3 years ago
All my tunnels are still running great, for free. I could not be happier.
erdaniels|3 years ago
lexx|3 years ago
vlunkr|3 years ago
Do they? I'm looking at the docs related to proxy and CDN and I don't see anything.
creatonez|3 years ago
Where? I've never seen it outside of the fine-print legalese.
fahrradflucht|3 years ago
nimbius|3 years ago
- Read your terms of service, contractual responsibility and liability for all services. as a leader, youre authoritative and liable for shareholder and corporate risk.
- What you do after the fact is just as important --if not more-- than what you didnt do before. Channel this outrage into action, identify the problem, and countermeasure it to ensure future success.
- Risk is an isotope, do not concentrate it all into one single provider/platform/service or its criticality will prove a detriment to your business. You can mitigate it, accept it, or delegate it, but it cannot be ignored.
- if the product is for free, its likely the roles are reversed. re-evaluate your needs and understand whether youre a consumer, or a product and if this shift in roles aligns appropriately with risk and compliance in your industry. Do not assume the coffee is free.
drowsspa|3 years ago
sidcool|3 years ago
redm|3 years ago
* I've been using various CDN's since the 90's, and I'm currently a Cloudflare Enterprise customer. However, Cloudflare, not without its faults, is still the best option out there.
ddorian43|3 years ago
What type of pricing on enterprise per TB on how bulk usage?
jsnell|3 years ago
(There's some very good reasons to leave terms a bit vague rather than specified exactly, but then you probably wouldn't expect enforcement in cases that are ambiguous.)
lexx|3 years ago
infensus|3 years ago
tut-urut-utut|3 years ago
vb-8448|3 years ago
This is really a shitty thing from Cloudflare, you cannot shut down an already running business without any notice/grace period.
thelastkek|3 years ago
kkielhofner|3 years ago
"all my subdomains that operate as image proxies are banned"
That sounds anywhere from perfectly reasonable to completely shady. Writing a post like this and not providing any additional detail on what you were actually doing to trigger the ToS boot leads me (for one) to believe elaboration on your use case would harm your argument, any sympathizing, etc.
From what I've seen before in many cases Cloudflare uses the "non-html content is disproportionate to html content" ToS clause as a catch-all to boot customers they don't like for one reason or another, are wildly "expensive" from a bandwidth standpoint, etc. As many have pointed out here on HN it doesn't even really fundamentally make sense and most websites, by nature, are going to consume more bandwidth with JS/SVG/PNG/etc vs HTML.
londons_explore|3 years ago
Then the TOS should give examples of common things that trigger use of this policy, for example running an image/video host.
I'd like them to commit to always offering a monetary amount which would satisfy them. Often in business, a migration is a slow and painful process, so simply paying 10c/GB to serve video/images might be preferable.
mynameisvlad|3 years ago
> 2.8 Limitation on Serving Non-HTML Content
> The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.
unknown|3 years ago
[deleted]
phpisatrash|3 years ago
I know this is not related to the post, but I tried to use workers for a few times, specifically the Cron workers. However it never worked as it should. My Cron was never triggered. And then, when I contacted their support throught the community, theirs mods seemed to basically don't care that Cron workers don't work. I tried and did everything the support mods said to me but nothing worked.
And then, they just stopped answering me.
And more, it wasn't just me. A bunch of people were having the same trouble with Cron workers.
So I don't use workers anymore.
John23832|3 years ago
We had issues with ZeroTrust and could get literally ZeroHelp. We were told the ZeroTrust team doesn't monitor the forums (which were where we were told by support to go for help, lol).
henriquez|3 years ago
judge2020|3 years ago
quags|3 years ago
superasn|3 years ago
You can check the AWS calculator to figure out the pricing based on your average bandwidth. Depending on your use case you may be paying less than a Cloudflare pro account.
sfe22|3 years ago
noncoml|3 years ago
hk__2|3 years ago
Ironically, weren’t these difficulties due to Imageboss being itself blocked by Cloudflare? [1].
[1]: https://www.linkedin.com/posts/igorescobar_cloudflare-just-b...
lexx|3 years ago
andmarios|3 years ago
There were even specialized wordpress plugins to take care of this. You just assigned multiple subdomains to your website and the plugin would round-robin the subdomain each image would come from.
If this is indeed the case, then we are in a gray area, where he did and did not violate cloudflare's rules at the same time.
celsoazevedo|3 years ago
While the CMS website receive normal visits and serves HTML content, for Cloudflare it's being used mostly to serve images, breaking their ToS. If the customer website was behind Cloudflare and they used their own (sub)domain to serve images they'd probably be fine because that domain would be serving a healthy mix of HTML and media content.
I think both OP and Cloudflare are in the wrong here. OP was using the wrong product for this and Cloudflare didn't give him time to fix the problem, losing a customer in the process.
lmeyerov|3 years ago
So the question is which CDN would make sense for fronting that, both technically and, as seen here, wrt ToS. If not cloudflare... who?
---
(Also, if you're into building such experiences, we're looking for a platform engineering owner to help build out our global gpu network!)
blobster|3 years ago
renaissance_tea|3 years ago
I give up on understanding why these things go viral.
THJr|3 years ago
habibur|3 years ago
celsoazevedo|3 years ago
peter_d_sherman|3 years ago
To me, it seems that Cloudflare is just another additional abstraction layer / proxy -- between web sites / web apps / SAAS providers -- and the Internet.
There might be benefits from such an arrangement -- such as Cloudflare's ability to block DDoS attacks...
But there also might be drawbacks from such an arrangement -- such as what do if Cloudflare for whatever reason -- blocks/bans/or otherwise limits you?
Opinion: A good website / web app / SAAS -- would be as distributed as possible -- that is, it would use the Internet natively AND it would Cloudflare AND it would use N Cloudflare competitors/proxy services -- ideally all of them -- at the same time!
In other words -- let the user choose their own route to a provider!
Do you want to use Cloudflare?
Great, we have that!
Do you want to use the Internet natively?
Great, we have that!
Do you want to use a competitor to Cloudflare?
Great -- we have that too!
If it is technically impossible to do that with one domain -- then mirror your site/service/SAAS -- to multiple domains.
Let the user decide what they want...
Incidentally, towards that end, I found the following excellent list on GitHub:
https://github.com/anderspitman/awesome-tunneling
(https://news.ycombinator.com/item?id=30443747 -- for related discussion)
It's non-canonical -- but it's probably a step in the right direction...
unknown|3 years ago
[deleted]
titiolinkin|3 years ago
noduerme|3 years ago
celsoazevedo|3 years ago
advisedwang|3 years ago
Alifatisk|3 years ago
cmeacham98|3 years ago
I know why Cloudflare detractors use this type of intentionally misleading language, but can we maybe say something like "worlds largest _proxy_" that is more accurate?
sp332|3 years ago
charcircuit|3 years ago
ZoF|3 years ago
[deleted]
atkailash|3 years ago
[deleted]
PointyFluff|3 years ago
[deleted]
goldforever|3 years ago
[deleted]
TobyTheDog123|3 years ago
Cloudflare is a "global network built for the cloud" that.... doesn't allow images? Really?
They have partnerships with Backblaze and Wasabi, object storage providers, but wont allow images to be served over their CDN? Really?
They have their own object storage solu--- ohhhhhhh
judge2020|3 years ago
The point of Cloudflare is that hosting your website for free is a service, and you "pay" for that service in strengthening their network; from their S-1[0]:
> Free customers are an important part of our business. .. Our free customers create scale, serve as efficient brand marketing, and help us attract developers, customers, and potential employees.... In addition, the added scale and diversity of this traffic makes us valuable to a diverse set of global ISPs, improving the breadth and economic terms of our interconnections, bandwidth costs, and co-location expenses.
Your theoretical cost as a free customer is outweighed by the positive effects of protecting over 10% of websites on the internet, largely for free. Now, if you run a free video site proxying all your multimedia stream segments to serve pirated movies, or create a site dedicated to user image uploads and quickly balloon to serving hundreds of terabytes a day at the expense of Cloudflare, your value to the network is trumped by how much you're actively costing them in uplink costs and risk exposure.
0: https://gist.github.com/judge2020/e49138d588950167b736c630aa...
bluedino|3 years ago