Do you ever have users complain about your use of Cloudflare



Curious if anyone else has ever had their users complain about the sites use of cloudflare? We get it from time to time whenever there is a press story doing the rounds (e.g. the one about cloudflare supposedly support isis)

How do you counteract it effectively? or do you just ride it out (like we do)


I don’t get users trying to make political statements against Cloudflare. However…I’m in California, as is Cloudflare. My response would be that Cloudflare follows the same laws I follow. Any illegal activity should be reported to their abuse department.


Yes. There was an issue with one site using Cloudflare because of ISIS and because “old grandma with Windows XP can’t enter site” (aka SNI problem), Because of second one we switched to Pro (for SAN cert). As of first one I wasn’t the one to who made client realize how lack of IT knowledge hurts them but one of my personal counterarguments for this was “hey, ISIS people breath the same air as we do - why don’t we just stop breathing altogether?”.


A website isn’t a bomb. Cloudflare will forward reports to the host who makes the final decision. If Cloudflare suspends sites they won’t go away, they’ll just get slower. And honestly tell your users if they don’t like it to use a different site.


I work for the state government so that’s not really an approach we can take

Stuart Campbell
Information Management and Technology


Luckily you aren’t Cloudflare. If you dislike a site don’t use it. At most Cloudflare will forward the complaint. And if they have an abuse ignored host, you’ll accomplish absolutely nothing.


I think you’re missing the point I’m making, I run the site and have users complain that we’re using Cloudflare not the other way around

Stuart Campbell
Information Management and Technology


Oh well tell them to get over it. If they aren’t doing anything wrong Cloudflare won’t CAPTCHA them. If they spend their time online spamming the web they will get a CAPTCHA. Sucks but that’s the way it is. No one is forcing them to use ur site.


Actually that’s the point I’m trying to make, they are forced to use our site as we are government

Stuart Campbell
Information Management and Technology


Tell them to quit doing sketchy stuff online and they won’t give you a CAPTCHA. Beyond that they can get over it or don’t use the site and deal with the consequences.


I think we’ve established that @stuart.campbell’s users are not objecting to Cloudflare because of our other customers, but rather because they are finding it inconvenient when they receive security challenges.

There are a lot of options within the dahsboard to tailor the security for your site’s individual needs. Perhaps they may be useful.


Ryan, no it’s not the security challenges that they’re finding
inconvenient it’s the association with Cloudflare whenever there is a
negative news story that comes out .

Stuart Campbell
Digital Solutions Design Lead
Information Management & Technology


Ah, looks like I got it way wrong :facepalm:

It’s definitely a sticky subject, but we typically encourage people to look at Matthew’s blog post on Free Speech. Also, in many cases the more negative stories or comments on social media may not accurately reflect all of the events or details.


I catch flak from privacy conscious people, but I resolved that by offering a Tor hidden service, which effectively does some of the same obfuscation work as Cloudflare.

I’m glad that Cloudflare makes absolutely no decision on content (outside of child pornography). I would much rather them be apolitical and do their jobs, even if that means a few ISIS-sympathizing websites being under their umbrella. It’s pretty much assured that Cloudflare does work with American law enforcement and anti-terrorism groups so there’s really no reason to pitch a fit about them doing so. It’s probably better in terms of national security to have those groups rely on Cloudflare and hide in plain sight.


I’m glad that Cloudflare makes absolutely no decision on content (outside of child pornography).

Cloudflare as far as I am aware of, hasn’t removed any sites, including sites hosting child pornographic content. They simply forward to the host to have it removed.


I didn’t think that was legally possible because of how obscenity laws worked. Either way I don’t care, as long as they cooperate within reason with LEO. Just do your job and don’t dictate to people how to run their website.


That is not correct. Cloudflare works with law enforcement, and the appropriate reporting organizations under United States law, namely the National Center for Missing & Exploited Children (NCMEC). We follow industry standard best practice following advice received in consultation with these organizations.

Domains that are solely and intentionally malicious in nature are routinely removed from our service.

We cannot however comment on individual cases.


Can you provide an example of a site that’s been removed from your service. There are dedicated financial fraud forums that have been on your service for years. Why are those not removed if you take the time to remove sites hosting illegal images?


Sites solely dedicated to phishing or intentionally distributing malware, for example. We however won’t be elaborating further at this time.


Non of my clients have ever complained about CloudFlare. The negative press to date imho has been nothing more than FUD. People just comment without doing their own research or make wild baseless assumptions.