Do you use Cloudflare?

Do you use Cloudflare with XenForo?

  • Yes, I pay for it on at least one of my sites

    Votes: 24 24.7%

  • Yes, I use the free version

    Votes: 44 45.4%

  • No, but I've been thinking about it though

    Votes: 4 4.1%

  • No, I choose not to use it

    Votes: 24 24.7%

  • Never heard of it

    Votes: 1 1.0%
  • Total voters
    97
MySiteGuy said:
They are in fact correct that Google's services can be a privacy violation.

For that matter, visiting any website their web server logs can have sites people are visiting from, what browser is used (and in many cases, the browser's plug-ins), IP addresses and from IP addresses, geo-location.
Click to expand...
Oh really? Who would have guessed that... :rolleyes:

MySiteGuy said:
If you think you're any better off with other countries, looked up the recent raids and server confiscations in the Netherlands, a country famed for its so-called privacy protections.
Click to expand...
The netherlands have historically been famous for very liberal hosting and freedom of speech. The have a long tradition for hosting sites, that in other countries were endangered to be shut down. It got a little stricter in recent years as far as I can judge, however - most of the filthy traffic that hits my forum and comes from within the EU comes from the Netherlands. Raids and server confiscations there typically would have a very good reason. Anyway it would be way way bette than hosting in the US (or using US based services or services providers) where since the patriot act from 2001 no privacy is guaranteed and even less if you are not a US citizen. It got way worse since then and with the current government it is no better than any dictatorship state. With the system of subpoemas you can be spied at easily and to not even get informed. There is a reason why there are such things as warrant canaries...

en.wikipedia.org

Warrant canary - Wikipedia

en.wikipedia.org en.wikipedia.org

A company that decypts large amounts of web traffic and has so full access to it's content is a perfect target for "agencies". If this company resides in a country where those agencies not only can force companies to secretly hand over user data but also have a proven history in doing so I would call that a problem.

ES Dev Team said:
They're a publicly traded corporation and have incentives to do evil things to make money.
Very few publicly traded corporations don't eventually start abusing the market position that users give them.
But once they get a large amount of the market, that's usually when the abuse starts.
Click to expand...

MySiteGuy said:
Cloudflare already has 82% of the reverse proxy market share, and 20% of all websites go through them. Rather than abusing their market position, I've seen them increase efforts at transparency, and they are one of the most transparent companies out there.
Click to expand...
You may want to read this blogpost and the comments below it:

robindev.substack.com

Cloudflare took down our website after trying to force us to pay 120k$ within 24h

TL;DR:
robindev.substack.com robindev.substack.com

Cloudflare seems pretty dedicated and pretty transparent but it also seems they do have a dark side.
 
Last edited:
We also start to see the issue that happens when you have a single point of failure - which there is with cloudflare: In Spain, during football matches cloudflare is blocked due to antipiracy. This has been ruled by a court and does affect most sites that use cloudflare as it seems - if you use couldflare your forum will not be reachable from Spain during football matches:

La Liga: Blocking of Cloudflare IPs in Spain – Cybersecurity Advisors Network

cybersecurityadvisors.network cybersecurityadvisors.network

www.laliga.com

Official statement

In relation to the blocking of IPs during the recent EA SPORTS LALIGA matchdays linked to illegal Cloudflare practices.
www.laliga.com www.laliga.com

techlapse.com

Spanish ISPs Block Cloudflare IPs during LaLiga Matches

Spanish users experience widespread outages of Cloudflare-hosted websites as of October 18, after LaLiga initiates IP blocks to stop illegal football streams.
techlapse.com techlapse.com
 
smallwheels said:
Oh really? Who would have guessed that... :rolleyes:


The netherlands have historically been famous for very liberal hosting and freedom of speech. The have a long tradition for hosting sites, that in other countries were endangered to be shut down. It got a little stricter in recent years as far as I can judge, however - most of the filthy traffic that hits my forum and comes from within the EU comes from the Netherlands. Raids and server confiscations there typically would have a very good reason. Anyway it would be way way bette than hosting in the US (or using US based services or services providers) where since the patriot act from 2001 no privacy is guaranteed and even less if you are not a US citizen. It got way worse since then and with the current government it is no better than any dictatorship state. With the system of subpoemas you can be spied at easily and to not even get informed. There is a reason why there are such things as warrant canaries...

en.wikipedia.org

Warrant canary - Wikipedia

en.wikipedia.org en.wikipedia.org

A company that decypts large amounts of web traffic and has so full access to it's content is a perfect target for "agencies". If this company resides in a country where those agencies not only can force companies to secretly hand over user data but also have a proven history in doing so I would call that a problem.




You may want to read this blogpost and the comments below it:

robindev.substack.com

Cloudflare took down our website after trying to force us to pay 120k$ within 24h

TL;DR:
robindev.substack.com robindev.substack.com

Cloudflare seems pretty dedicated and pretty transparent but it also seems they do have a dark side.
Click to expand...
You're not telling me something I don't already know. I've made note of warrant canaries since the mid-early 2000s. Cloudflare has finer grained canaries than most - listing things they don't do - and when one of those things disappears you know law enforcement forced them.

Not using Cloudflare isn't going to protect a site from law enforcement's prying eyes if they want access, and anyone thinking they are safer from law enforcement by not using a proxy is living under a false sense of security. Unless you're hosting on your own locked location, it's not much harder for law enforcement to get a warrant for direct access to a server, or VM, than it is to get it from Cloudflare.

And a company complaining about Cloudflare removing them, and yet admitting they were likely violating Cloudflare's terms*, is a terrible example, especially since we only have one side of the story. Things like this can happen with companies on Cloudflare, AWS, Azure, etc. and pretty much every cloud provider if you violate their terms. Considering the millions of websites using them without these sorts of complaints, their track record is damn good.

(PS. Frankly, if anyone is worried about the content they have being accessed by law enforcement, they are probably not someone I want to do business with.)
 
MySiteGuy said:
Not using Cloudflare isn't going to protect a site from law enforcement's prying eyes if they want access, and anyone thinking they are safer from law enforcement by not using a proxy is living under a false sense of security. Unless you're hosting on your own locked location, it's not much harder for law enforcement to get a warrant for direct access to a server, or VM, than it is to get it from Cloudflare.
Click to expand...
Nobody has claimed what you question plus you are completely missing the point. If your forum/hosting is not based in the US using Cloudflare opens a door for US agencies that otherwise would not exist. Given the way the US government and those agencies have acted over the last 25 years I prefer not to offer this door, the more with the current US government.
MySiteGuy said:
And a company complaining about Cloudflare removing them, and yet admitting they were likely violating Cloudflare's terms*, is a terrible example, especially since we only have one side of the story.
Click to expand...
Again you are missing the point completely. Not even the author of the blogpost does complain that Cloudflare has ended the contract. What he complains about is about the way they did it, arranging appointments with tech support that in fact were meeting with the sales team, requesting a huge upfront payment out of the blue and, also out of the blue, shutting down the account (and thus the reachability of the website) with no prep-time. Different from what you say I don't see where the customer was violating Cloudflares TOS. The customer may run a somewhat shady business and using loads of traffic, but technically it does not sound illegal.
The comments below the post from different people having experienced the same behaviour does make his points more valid/credible (though we only know one side of the story and don't know if the comments are genuine).

MySiteGuy said:
(PS. Frankly, if anyone is worried about the content they have being accessed by law enforcement, they are probably not someone I want to do business with.)
Click to expand...
This is the same stupid argument that has always been used against encryption: "Why encrypt if you have nothing to hide?" Do you use SSL on your webpage? Why, if you don't do anything illegal?
 
In our country, websites powered by Cloudflare have been unavailable for six months.

Back in November 2023, Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology and Mass Media) recommended that online resource owners in Russia switch from Cloudflare's CDN platform to domestic alternatives. The reason for this was the company's technologies, which allow for bypassing blocked content.

The agency explained that the use of such tools is contrary to Russian law and falls under the scope of the system of technical countermeasures for threats (TCM). As an alternative, Roskomnadzor proposed Russian CDN solutions, which, according to the service, ensure stable website operation and protection from cyberattacks.

In June 2025, Russian users experienced widespread outages on hundreds of foreign websites, services, and online games. In particular, our customers began contacting us about this issue, which prompted the decision to disconnect from the service.

As previously reported, the problems affected not only web resources and applications but also popular tools for bypassing blocking.

Due to possible slowdowns or blocking, Cloudflare traffic in Russia has been halved and continues to decline. However, Roskomnadzor has not officially confirmed any targeted restrictions on the service in the country.
Click to expand...
 
RobinHood said:
I had to read that first sentence in my head in Steve Gibson's voice.
Click to expand...
I know it sounds interesting, but the point is different. :)

In short, the government is fighting online fraud, fake websites, piracy, warez, and so on. By blocking pages/sites and, in some cases, IP addresses. A letter is sent to the hosting company demanding either the removal of pirated material or copyrighted material, and they're given three days to do so, or the domain or IP address will be blocked. Yes, this restriction can be circumvented using a VPN. But even the most popular VPNs are already blocked or slowed down. Cloudflare allows websites that violate copyright or are fraudulent to bypass these restrictions using proxies. Therefore, Roskomnadzor decided to block all Cloudflare subnets. That's the short version of the reasons, but it's a shame, as almost everyone in Russia used it. Now, you can only uncheck the proxy box and open your IP address.
 
Elliott said:
the government is fighting online fraud, fake websites, piracy, warez, and so on
Click to expand...
Elliott said:
Cloudflare allows websites that violate copyright or are fraudulent to bypass these restrictions using proxies. Therefore, Roskomnadzor decided to block all Cloudflare subnets.
Click to expand...
John Candy Reaction GIF

Well it might be one of the reasons, but thats not the main goal... 🤫
 
rdn said:
I use Cloudflare heavily; out of 60+ domains, only 3 are on the Pro plan; the rest are just using the free plan.
My forum can't live without CF; the main server cannot keep up with the bandwidth needed.

View attachment 330357
Click to expand...
Those are some impressive numbers.
What are the server demands to hold such traffic of yours? I see software stack, would be interesting to see hardware, if its not secret.
 
Jja said:
Those are some impressive numbers.
What are the server demands to hold such traffic of yours? I see software stack, would be interesting to see hardware, if its not secret.
Click to expand...
CPU: AMD EPYC 7543P
RAM: 128 GB
Disk: 1 TB NVMe

Just a simple single server.

3-day CPU load:
1764388820774.webp
 
  • Love
Reactions: Jja
You must log in or register to reply here.

Similar threads

Can
  • Question Question
XF 2.3 XenForo + LiteSpeed + Redis + Cloudflare Optimization – Is this configuration correct?
Replies
3
Views
65
Ricsca
Ricsca
Grover
Setup Cloudflare on vBulletin 3.8.11 (preparing to switch to Xenforo)
Replies
12
Views
270
Ricsca
Ricsca
V
Using XenForo With Cloudflare
Replies
1
Views
98
Mr. Jinx
Mr. Jinx
Jeffin
Migrate forum off Centmin Mod → Ubuntu 24.04 (DO) + Cloudflare – build, move, harden, document
Replies
3
Views
145
Slavik
Slavik
Mike Fara
Session Validator for Cloudflare [Deleted]
Replies
5
Views
139
Mike Fara
Mike Fara
Back
Top Bottom