[–]ID10T (10 children)

You could have a script do a simple GET request to the site at regular intervals before the Cloudflare timeout. That way, as long as a user has a page loaded and is logged in, it pings the site to prevent the Cloudflare timeout.

For security, I would limit this ping to perhaps five minutes of inactivity, so a user doesn't stay authorized by Cloudflare indefinitely if they have a page left open on their browser.

I assume there's a template for when a user is logged in, like where the banner displays your username. You could add the script there with a timeout to GET /healthcheck every twenty seconds or whatever.
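The keep-alive with an inactivity cap described in the comment above, as an added example that is not part of the thread or of the site's code. It assumes a same-origin `/healthcheck` endpoint that returns 200, and takes the twenty-second interval and five-minute cap from the comment; `createKeepAlive` and its options are hypothetical names.

```javascript
// Added example: keep-alive ping that stops after a period of user inactivity.
// Endpoint, interval and cap are the values floated in the thread (assumptions).
function createKeepAlive({ ping, now = Date.now, intervalMs = 20000, idleLimitMs = 5 * 60 * 1000 }) {
  let lastActivity = now();
  let timer = null;
  let pings = 0;

  function stop() {
    if (timer !== null) clearInterval(timer);
    timer = null;
  }

  // One scheduler step: ping only while the user was active recently.
  // Returns true if a ping was sent, false if the idle cap ended the loop.
  function tick() {
    if (now() - lastActivity >= idleLimitMs) {
      stop();
      return false;
    }
    pings += 1;
    // A failed or non-2xx ping (for example a challenge page) ends the loop
    // instead of retrying in the background.
    Promise.resolve(ping()).then((ok) => { if (ok === false) stop(); }, stop);
    return true;
  }

  function start() {
    if (timer === null) timer = setInterval(tick, intervalMs);
  }

  // Call on real user input; restarts pinging if the cap had stopped it.
  function activity() {
    lastActivity = now();
    start();
  }

  return { start, stop, tick, activity, running: () => timer !== null, pingCount: () => pings };
}

// Browser wiring (skipped when no DOM is present, e.g. under Node).
if (typeof document !== "undefined") {
  const keepAlive = createKeepAlive({
    ping: () => fetch("/healthcheck", { credentials: "same-origin", cache: "no-store" }).then((r) => r.ok),
  });
  for (const ev of ["pointerdown", "keydown", "scroll"]) {
    document.addEventListener(ev, keepAlive.activity, { passive: true });
  }
  keepAlive.start();
}
```

Only real input events reset the idle clock, so a tab left open in the background stops pinging once the cap is reached.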

[–]In-the-clouds (4 children)

I tested that idea, and it mostly works.

[–]0_0[S] (2 children)

What is the ideal number of seconds to refresh Saidit, to minimize bandwidth and yet still avoid Cloudflare's blockade?

To answer your question, it should refresh at the expiration of the cookie "cf_clearance" + 5 minutes, which is when the Cloudflare pass expires.

In any case the fact that these kinds of workarounds are required is fucking retarded.

[–]In-the-clouds (1 child)

5 minutes? It seems like Cloudflare blocks me if I just let 2 minutes go by without clicking on a new link.

[–]0_0[S] (0 children)

On my side it is exactly 5 minutes, which is the smallest time span that can be set as challenge passage on Cloudflare.

[–]ID10T (0 children)

Yeah the script just needs to load an empty page that returns 200. That won't cost hardly any bandwidth and will be enough to refresh the TTL on the Cloudflare cookie.

[–]binaryblob (4 children)

You are forgetting that there is a cost to Cloudflare (and to the clients) to do this, so only if you have read their APIs in detail, you would be able to make such a claim. For enterprise clients, they would be happy to help, but for the free tier, perhaps not so much. I haven't read their API in detail, but I have experience with enterprise APIs. For some APIs for Big Tech, you can't just write something that "looks reasonable" if it has to scale (or when you scale you go bankrupt, which is another popular way to encourage using batch APIs). The server implementations are relentless to clients to the point that they basically prescribe how to write your client or it won't work. (This is a good thing, but it explains why so few companies integrate directly and often use middleware.)

[–]ID10T (3 children)

True, I don't know why the site admins have this time set so short. Looks like it's something they can just change to whatever is reasonable https://community.cloudflare.com/t/security-check-on-my-website-every-30-seconds/282472

[–]binaryblob (2 children)

That sounds like a good basis for a conversation with the site admin.

[–]ID10T (1 child)

Who is this mysterious "admin" anyway?

[–]binaryblob (0 children)

I thought it was magnora7. He/she/it has written about hosting it a couple of times.