Does anyone at Cloudflare know plain English?

I keep getting emails from Cloudflare, but I don’t have a clue what they are saying. They use a lot of “tech speak.”

I just got an email about removing something and replacing it with something - a bunch of numbers. I’ve gotten things before from them and the only thing I know how to do is ignore them, which I gather is not always a good thing.

It appears I have to use Cloudflare because of my business, but they seem to assume that I know what they are talking about. I barely got through the initial set up.

Is there some place or some one who acts as an interpreter for all this gobbledy-gook that shows up in my inbox?

Thanks!
Richard

BTW: Here is the email I received today. I read it, but I still don’t know what they want me to do.

Cloudflare is making infrastructure changes to simplify customer configuration, and reduce the number of IPv4 addresses that could potentially interact with your origin on Cloudflare’s behalf.

If your security model relies on allowing a list of trusted Cloudflare IPs from cloudflare.com/ips (or via API) on your origin, please make the following changes to your allow list by May 7, 2021 . This change is safe to make today.

Remove:
[there are some numbers here in this format —.–.-/–]

Add:
[there are some numbers here in this format —.–.-/–]
[there are some numbers here in this format —.–.-/–]

This change delists the [there are some numbers here in this format —.–.-/–] prefix, which is no longer in use by Cloudflare infrastructure. These addresses will be repurposed for use with our Gateway and WARP (secure web gateway and VPN) products, and may carry traffic from untrusted sources in the future.

Cloudflare does not recommend enforcing security policy at origins solely by trusting IP addresses. Argo Tunnels and Authenticated Origin Pulls provide more secure and specific ways to secure origin connections from Cloudflare.

• Further detail on how to configure Argo Tunnels.
• Further detail on how to configure Authenticated Origin Pulls.

If you have further questions, please visit the Cloudflare Community.

Regards,
The Cloudflare Team

I have to admit, an interesting topic title

The format here would be [0-255].[0-255].[0-255].[0-255]/[0-24].

These are IPs. I doubt you would need to do anything about them, my question is why are you receiving these emails as you don’t seem to be a network admin.

Hi @rdemail2005-contact,

That’s often done here on the community!

Hopefully I can help explain what that email was, assuming it was the one titled:

[Action May Be Required] Changes to Cloudflare Infrastructure IPs Listed on cloudflare.com/IPs

Essentially the way Cloudflare works is by sitting in front of your website, so anyone visiting your site goes through Cloudflare and is passed on to your site. This means that when Cloudflare requests resources from your site to serve to a visitor, the server that your website is on sees the request coming from Cloudflare. It will see this in the form of an IP Address - that’s what the numbers are - essentially identifiers so as to know where to send the data to. (This is a pretty simplistic overview, but hopefully you get the idea).

The email that you had was to tell you about a change to the IP addresses that Cloudflare uses. This will affect some people who have security measures in place to stop people bypassing Cloudflare, by restricting their server to only serve their website through Cloudflare.

OK, I think I follow that.

Now it asks (or tells) me to remove an IP Address and put in 2 others. But where? I haven’t accessed any of this stuff since I first set it up several months ago.

I appreciate you response.

Oh…that email. 99% of Cloudflare users can ignore that, as it’s not something they would use.

It’s for if you have a filter/firewall set up to block any traffic that attempts to circumvent your Cloudflare setup. You would only allow those IP addresses access to your server.

Again, it’s highly unlikely that you’re using this. And, even if you are, it won’t break anything if you don’t update those addresses.

Ah, I can resort to my usual plan for dealing with Cloudflare - Ignore! I love it!

Just on a general note, Cloudflare is used by a lot of people new to the technical side and a lot of very technical people, but I am curious what is making you use it? Was it something set up by a previous developer/contractor that you inherited or something you setup yourself?

This will work a lot of the time, but sometimes things do need attention!

I set up my business around using SamCart to handle billing, etc. Cloudflare is what they use as the go between for them and my website. So far, I haven’t actually used that aspect of it - maybe soon as I begin to put more focus on my website, but I set it up as part of the initial set up of SamCart.

Ah, interesting. I hadn’t heard of them before - interesting that they seem to require Cloudflare for custom domains!

No offence, Richard, but Cloudflare is a tech company and naturally assumes their users have that knowledge. There is nothing wrong with not having it, but in that case you should either be willing to invest the time to acquire the necessary knowledge or hire a professional. The same as you’d do in legal proceedings for example or when you need to change your plumbing.

Also, your .net site is currently insecure and has an invalid certificate as well as an insecure encryption mode on Cloudflare. You should fix that too.

They probably have an agreement with Cloudflare and if anyone doesn’t already have a website, then they can get one through them. At least that’s what I gathered. I already had one and it seemed that to use it in conjunction with SamCart, I needed to set Cloudflare up. It was just part of the initial set up at the time.

I do appreciate you taking the time to help me sort through this. Thank you!!

Thank you! And none taken.

I only have to deal with CloudFlare rarely so it hasn’t risen high on my learning priorities. There have been and continue to be a lot of those as I navigate this online business jungle since my full-time job ended in August.

And, I would be glad to address the items you mentioned. I’m aware of the first, but the other two, I’m not sure about. Are they both Cloudflare items or just the last one? What are they and how does one address them?

Thanks so much!
Richard

All you need is a valid certificate on your server. That’s something your host would need to cover and I don’t know what agreement you have with them, but if they don’t offer a certificate but still accept third-party certificates you can still get a Lets Encrypt one or an Origin certificate from Cloudflare (the search will have more details in either case).

And, your encryption mode on Cloudflare should be “Full strict” and “Full strict” only as everything else is either not encrypted at all or with an unverified encryption. In either case your data is not secure.

Thank you again!

I see some research in my near future.

Blessings,
Richard

2 posts were merged into an existing topic: What does “Normalize URLs to origin” mean?

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.