Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Because the whole selling point of CloudFlare is that the customer supposedly doesn't need to invest effort into security, because CloudFlare will handle it all for them.

Which is obviously not the case, but that's what the marketing says.



They do handle a lot, doesn't mean you're not responsible for the settings you choose. Lack of understanding or effort on your part doesn't mean you get to just blame the vendor.


This is almost literally how they are marketing their product: https://www.cloudflare.com/overview/

Either you invest effort into security anyway and you don't need CloudFlare, or you don't invest effort into security and CloudFlare won't save you either. In neither case is CloudFlare the solution.


Or the logical way to think about this is that CloudFlare is another vendor that you can use (amongst many) to create the security you need with the trade-offs that are acceptable.

Marketing does not absolve you from proper configuration... clearly you have it out for this company for some reason.


Yes, I personally wasn't trying to convey anti-CloudFlare sentiment, I even said "and other CDN providers"

I don't think this is a 'CloudFlare vuln' or the responsibility of CloudFlare to resolve etc...

I maintain that it is sloppy work that leaks the underlying webserver IP, but also that few people care about doing so.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: