
I worked with sites that had performance issues because of attacks against dynamic image scaling in Cloudflare (scaling probably done with workers). Services like Cloudflare do not in general protect against service design issues. I try to explain that to people all the time. I also worked with another provider where a monthly bill got 5 times higher one month because images were requested at many different large sizes.



Yeah, I've come across sites that allow arbitrary resizing via dimension numbers in the URL. Seems like it would be easy to CPU DDoS by submitting random numbers in those fields.


And it's fairly easy to "snap" to the nearest available size variant. That way one can add cached variants after-the-fact.
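
The "snap to the nearest available size variant" idea from the comment above, as an added example that is not code from the thread or from any commenter. The `w` query parameter, the width ladder and the `img.example` host are assumptions made for illustration.

```javascript
// Assumed variant ladder (hypothetical values, not from the thread).
const ALLOWED_WIDTHS = [160, 320, 640, 960, 1280, 1920];

// Snap a requested width up to the smallest allowed variant that covers it,
// capping at the largest variant. Returns null unless the input is a plain
// positive decimal integer, so "12abc", "-5", "1e9" and "" are all rejected.
function snapWidth(raw) {
  if (typeof raw !== "string" || !/^[0-9]{1,5}$/.test(raw)) return null;
  const w = Number(raw);
  if (w < 1) return null;
  for (const allowed of ALLOWED_WIDTHS) {
    if (w <= allowed) return allowed;
  }
  return ALLOWED_WIDTHS[ALLOWED_WIDTHS.length - 1];
}

// Rewrite a resize URL to its canonical form, which doubles as the cache key.
// All other query parameters are dropped: an unknown parameter such as a
// cache-buster would otherwise turn every request into a new resize job.
function canonicalResizeUrl(input) {
  const url = new URL(input);
  const width = snapWidth(url.searchParams.get("w"));
  if (width === null) return null; // caller should answer 400, not resize
  url.search = "";
  url.hash = "";
  url.searchParams.set("w", String(width));
  return url.toString();
}

// Count how many distinct resize jobs a batch of request URLs can trigger.
function distinctVariants(urls) {
  const keys = new Set();
  for (const u of urls) {
    const canonical = canonicalResizeUrl(u);
    if (canonical !== null) keys.add(canonical);
  }
  return keys.size;
}
```

With this in front of the resizer, the number of resize operations per source image is bounded by the length of the ladder, however many different numbers are requested.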


You could do the same by requesting any dynamic page many times.

Adding a rate limit to image resizing is no harder than adding it to any other URL.


Huh. I don't understand how this would affect a site using Cloudflare Images. It seems like maybe a DDoS against Cloudflare itself, but I don't see how it would be a problem for your site. But you say it was, so.

But okay, thanks for providing more context. I have not used Cloudflare Images at all, so I don't really know, just trying to make sense of it.



