There’s this really cool Cloudflare blog post titled “The unintended consequences of blocking IP addresses” that I think people at Cloudflare should read. It won’t let me link the blog post but it’s easily found.
You see, I often have repeated difficulty accessing websites that use Cloudflare. I live in the middle of nowhere and use Starlink, which uses CGNAT, as IPv4 addresses aren’t unlimited. What happens is Cloudflare repeatedly flags my IP address due to the false assumption that an IP address represents a single client. That’s something that the blog post describes better than I ever could and I find it to be really good advice. It’s just stupid these days to assume that an IP address maps to a single client and it results in a lot of unexpected behaviour and is a significant cause of concern for everyone.
At the end of the day this behaviour results in constant captchas and killed connections. Sometimes I can’t even load a website as Cloudflare is killing the connection and it takes seconds before it starts even accepting a connection. This is obviously not a good user experience and I’d advise people against supporting entities that refuse to move with the times and respect that an IP address can map to multiple endpoints.
So my question is, why doesn’t Cloudflare follow the advice they give others? They are happy to complain, rightfully so, when someone assumes the one-to-one IP address relationship but at the same time will actively block and hinder users who have no choice in the matter. This seems very counterintuitive and I’d suggest that employees at Cloudflare reach out to the blog post authors to upskill themselves in how modern internet infrastructure works. It would save a lot of people hassle that shouldn’t exist.