Why doesn't Cloudflare follow their own advice?

There’s this really cool Cloudflare blog post titled “The unintended consequences of blocking IP addresses” that I think people at Cloudflare should read. It won’t let me link the blog post but it’s easily found.

You see, I often have repeated difficulty accessing websites that use Cloudflare. I live in the middle of nowhere and use Starlink, which uses CGNAT as IPv4 addresses aren’t unlimited. What happens is Cloudflare repeatedly flags my IP address due to the false assumption that an IP address represents a single client. That’s something that the blog post describes better than I ever could, and I find it to be really good advice. It’s just stupid these days to assume that an IP address maps to a single client, and it results in a lot of unexpected behaviour and is a significant cause of concern for everyone.

At the end of the day, this behaviour results in constant captchas and killed connections. Sometimes I can’t even load a website as Cloudflare is killing the connection and it takes seconds before it starts even accepting a connection. This is obviously not a good user experience and I’d advise people against supporting entities that refuse to move with the times and respect that an IP address can map to multiple endpoints.

So my question is, why doesn’t Cloudflare follow the advice they give others? They are happy to complain, rightfully so, when someone assumes the one-to-one IP address relationship, but at the same time will actively block and hinder users who have no choice in the matter. This seems very counterintuitive and I’d suggest that employees at Cloudflare reach out to the blog post authors to upskill themselves in how modern internet infrastructure works. It would save a lot of people hassle that shouldn’t exist.

Cloudflare isn’t blocking your IP. Cloudflare might say your IP is suspicious due to the traffic, but it is up to the websites you are connecting to as to how they use that.

That just isn’t true. Cloudflare will close the connection momentarily on some IP addresses and it can take a couple of seconds before it’ll let the connection go through. That’s by design with how anti-DDoS routing works to prevent saturation, but it’s really annoying as an end user when you experience that behaviour almost 24/7 because your IP is constantly being flagged due to actions that have nothing to do with you.
