I recently came across Access denied to Pale Moon desktop browser and, as a cloudflare customer, was upset that the userbase for my websites – typically extremely technical linux users – may have been blocked in error. I understand that bugs happen, but the way the "MVP"s on that thread – were dismissive of the concerns is extremely bothersome.
I’ve disabled WAF on my web properties to prevent this issue for me; but does Cloudflare have any plan to ensure that highly technical users can access websites with their browser of choice? Digital freedom is a value that I hold, and I thought Cloudflare also held – please ensure this value is put into practice when dealing with less common browsers.
I’m just curious, have you tried using privacy pass? https://privacypass.github.io/ if your browser has “passes”, you should be able to skip the challenge pages that are causing the browser to loop.
You control and configure Cloudflare. You and your users can review the reasons they are being blocked and you and your security team can make the decisions you feel are right for your website.
Support for non-mainstream and legacy connection types isn’t free. There are now, for example legacy Android versions which require website owners to make security tradeoffs and in some cases even possibly spend money to make available Cloudflare functionality to support connections in that manner. Testing the long tail isn’t a simple thing.
Maintaining support for mainstream browsers is difficult enough. There are plenty of examples of breaking changes made by browser devs or Cloudflare in Chrome / Safari / Firefox builds.
Hello @mdemoura - no more fixing? Are you now set on a very specific browser allowlist and is it that much to ask Cloudflare adding the Goanna browser engine to your checks before releasing updates to the wild?