Hacker News: d2wa's comments

You can't have privacy-focused and free services. You're either the paying customer or the product being sold.


Yea, but it doesn't address the original poster's statement that there are numerous other superior options. I just wonder which ones they mean.


It’s absolutely required for most multiplayer games. Many need random ports and some even refuse to work if UPnP is blocked even if you manually open a port for them.


I've never had UPnP enabled and I don't have any problems doing online gaming / flight sim / video chatting / etc.


Same. I've found the biggest problem was SNAT rewriting the (source) port number. netfilter, by default, doesn't do this. pf does but you can configure it not to.


On series X you can set up port forwarding really easily. I had to do it for OpenWrt.


(Author here.) I am. There’s plenty of accessibility labels in place. It’s literally just the name attributes. No user ever sees this, whether they’re using assistive technologies or not. It only confused bots that assume that the field named email is for the email address.


> > Verify the Host and Origin request headers
>
> Yes. You should be doing that.

(Author here.) If I remember correctly, his browser of choice predates the Origin header.


Alright well fair enough. Looks like that’s only been supported since Fx 70 released somewhere in 2019. So maybe don’t do that depending on what you intend to block. But then again it’s been 3 years also.

In general though the whole tone of parent of “I am owed access to someone else’s computer system on my and my terms alone” just doesn’t jive with me. It’s also not remotely comparable to Cloudflare’s approach of sitting in the middle and then appropriating end-user compute resources without their consent to fuel their business.


(Author here.) That’s missing from the article. But I have logs of the network. There’s nothing out of the ordinary. “I don’t know what I did wrong,” as I started the article, means “I’ve checked logs and such and there’s no indication of anything wrong on my end.”


> That's not what Bandwidth Alliance is at all. It's about reducing or eliminating egress fees between a cloud provider and Cloudflare. Not sure where the idea that it's about sharing IP reputation data comes from.

It comes from the Cloudflare blog. https://blog.cloudflare.com/cleaning-up-bad-bots/

There’s a support page about it too. https://developers.cloudflare.com/bots/get-started/free/


I need to look into that. Thanks for pointing it out. I had totally forgotten about that post.

Edit: team tells me this idea never got off the ground. Did talk with some potential partners (which did NOT include Google) but didn’t happen. So if Google was throwing CAPTCHAs it wasn’t because of our IP reputation.


Dear John. What am I — as a normal human being/end-user — supposed to do in this situation? People can’t do anything without any information about why they’re blocked. Who do you contact? Where do you go? What to do? The challenge page doesn’t help the end user understand why this is happening to them. It’s okay if you only see it for two seconds. But the page stays on screen for over a minute. When this happens for every website — what do you do? You’d be furious if this had happened to you. I’m just trying to read my online comics and look up some stuff about some interests and hobbies. It reduced my quality of life/sanity for a week. The last two days, I started worrying that this was going to be the new normal. I even looked into swapping ISP to get a new IP address.

PS: I love all the innovation and engineering stuff you guys regularly share on the Cloudflare blog. It’s [almost] always an interesting read. Even though I’m no fan of the massive centralization your company has caused.


Once upon a time Matthew made us set the IP reputation of every Cloudflare office to bad so that we experienced the worst case scenario. Helped a lot.

I don’t understand why you saw one minute block screens. That’s not right. Should be seconds.

I’m talking with the team about your other points.


The main problem of course, and it isn’t limited to Cloudflare and I won’t pretend to have the solution, is that if you are caught in this kind of web, you have no recourse but go public and hope the spotlight lands on you. For every problem we see in an upvoted post there’s tons that nobody sees.


What about answering his actual question?


I haven't been getting challenges that last that long, but I have noticed that the redesigned "security check" challenge pages with the spinner do seem much slower than the old design with the loader that was made of 3 orange dots.


> People can’t do anything without any information about why they’re blocked. Who do you contact? Where do you go? What to do?

This is the most serious problem with all of the major companies these days. Cloudflare, Google, Apple, etc. When you get on their "bad side", you're just screwed. You'll never even know what got them mad at you, and there's nothing you can do to recover.

The only reasonable way to deal with this is to avoid them all to the greatest extent possible. You have no control over whether or not you deal with Cloudflare, unfortunately, which makes them the worst of the lot.


> It’s okay if you only see it for two seconds. But the page stays on screen for over a minute.

That doesn't sound right. You shouldn't see a loading page for over a minute. If you're open to providing more details privately I'd love to help troubleshoot. You can drop me an email at amartinetti @ cloudflare.


What I do when I want a new IP is change my router's MAC address and reboot the modem.


I edited and added a second link to a support page that mentions it too.


Thanks. I'm talking with the team.

Edit: see comment above.


(Author here.) My router isn’t a domestic router. It’s a MikroTik running RouterOS, completely unsupported by the ISP. Outgoing connections and DNS are logged. UPnP is only allowed for the Xbox, PS4, and off-most-of-the-time gaming PC. Nothing out of the ordinary in the logs.


> It’s a MikroTik running RouterOS

https://google.com/search?q=mikrotik+botnet

These things are the absolute scourge of the internet.


They're a powerful tool that lets you shoot off your foot and half your brains with the same bullet. However, my router isn't compromised. MikroTik routers can easily be misconfigured to be insecure or misbehave. It's a Cisco clone, so that is the product you're buying.

I don't recommend them to anyone who doesn't enjoy and isn't familiar with the lower-level intricacies of network operations.


> It’s a MikroTik running RouterOS

It's almost certainly compromised.


No. It isn't.


(Author here.) Plenty of logging of outgoing connections and DNS. Nothing out of the ordinary.


Is your IP address listed on https://www.abuseipdb.com/ or any other spam blocklists?


(Author.) My ISP only rotates IPs when they reboot their central equipment. Not enough to do it on my end.


With some ISPs, they will issue a new IP if you change the router's (WAN) MAC address. Might be worth a try next time (crossing fingers you don't need it).


This is what I've always seen too. I've never seen a residential ISP that allocates static DHCP addresses, they typically allocate in days which is why many people can maintain a leased address for months on end. Once you go offline though, all bets are off. Every ISP can determine if the subscriber is disconnected and if they are, they're going to reallocate your address. To your point, once the MAC address is changed, they have to issue a new IP address because using the logic posted above, the other address is allocated to a different MAC.


The author, me, does have a dynamic IP, but it only changes once every two years or so.

