Our organization dropped trust of Cloudflare and all it's IP address assignments a while back. We don't allow any data from their networks, CDNs, or A-DNS's to be received by our network.
It is just not worth dealing with Cloudflare at all in a business network.
That essentially means that you can't use any services that happen to be hosted behind Cloudflare, like OpenAI/ChatGPT, GitLab, Hubspot and Shopify. And anyone on WARP and about half of iCloud Private Relay requests won't make it to your services.
I suppose it strongly depends on your organisation, but I'm not seeing how this would be a realistic option unless you're very powerful or have a lot of cash to burn on non-core business processes.
Have you run into any issues yet with Cloudflare customer using their Gateway Zero trust offerings that end up egressing with Cloudflare IPs or how do you plan on handling that as that business grows?
Apple private relay is also fronted by Cloudflare or are actually allowing large amounts of traffic from Clouldflare?
IANAL but a face-value evaluation of this policy seems unlikely to shield Cloudflare from either civil or criminal liability for illegal activity? I know the DMCA provides a certain degree of immunity to web hosts (regarding copyrighted content in particular) but after abuse is reported I believe there's a timeline where action must be taken or they lose their immunity, right? Does a similar law not exist for content that's already always illegal (such as hosting C&C servers for/distributing malware)?
> The advantage of this policy is that it makes life easy for Cloudflare, as they do not have to do any deep investigation or analysis of incidents, and notification flow can be largely automated. In this way, the cost of dealing with abuse is very low, benefiting the bottom lineā¦
This seems like a variation of a fundamental attribution error.
quilnux|1 year ago
It is just not worth dealing with Cloudflare at all in a business network.
oneplane|1 year ago
I suppose it strongly depends on your organisation, but I'm not seeing how this would be a realistic option unless you're very powerful or have a lot of cash to burn on non-core business processes.
deceptionatd|1 year ago
[1]: https://w3techs.com/technologies/details/cn-cloudflare [2]: https://6sense.com/tech/domain-name-services/cloudflare-dns-...
tick_tock_tick|1 year ago
Apple private relay is also fronted by Cloudflare or are actually allowing large amounts of traffic from Clouldflare?
derekmhewitt|1 year ago
ultimoo|1 year ago
> The advantage of this policy is that it makes life easy for Cloudflare, as they do not have to do any deep investigation or analysis of incidents, and notification flow can be largely automated. In this way, the cost of dealing with abuse is very low, benefiting the bottom lineā¦
This seems like a variation of a fundamental attribution error.
phone8675309|1 year ago
You love to see it.
Fuck you for making it impossible to run an independent mail server without dumping hours per week into it or paying for someone else to run it.
unknown|1 year ago
[deleted]