
Cloudflare WAF doesn't block clients in general, it blocks based on the data the client sends to the server.

Unless your client sends a string which matches one of the WAF patterns the site will work fine. It only blocks individual requests.

Now the problem here is that you probably shouldn't enable the WAF without having it in log-only mode for a while if you are operating a site which lets users submit arbitrary text input. Of course it's going to match... You'll have to adjust the configuration.



I’ve yet to see a WAF that wasn’t eventually accidentally triggered by some zip file.

I’ve had to recompress zip files with a higher compression setting to get around whatever string was triggering it.
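An added example, not part of either comment above: a log-only dry run of per-request pattern matching over constructed sample bodies, showing how ordinary user text and an uncompressed zip upload both trip a signature before anything is enforced. The rule names, patterns and samples are assumptions made up for illustration and are not Cloudflare's rules.

```python
import io
import re
import zipfile

# Hypothetical signature set (assumption); real WAF rule sets are far larger.
# Patterns run over the raw request body bytes, one request at a time.
RULES = {
    "sqli-union": re.compile(rb"(?i)union\s+select"),
    "xss-script": re.compile(rb"(?i)<script\b"),
}

def inspect(body: bytes, mode: str = "log"):
    """Return (action, matched_rule_ids) for a single request body."""
    hits = [rule_id for rule_id, rx in RULES.items() if rx.search(body)]
    if not hits:
        return "allow", hits
    # In log-only mode a match is recorded but the request still goes through.
    return ("block" if mode == "block" else "log"), hits

def make_zip(text: str, compression: int) -> bytes:
    """Build an in-memory zip holding one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression) as zf:
        zf.writestr("notes.txt", text)
    return buf.getvalue()

# Constructed sample traffic for a site that accepts arbitrary user input.
NOTE = "Q: why does my UNION SELECT query return duplicates?\n"
SAMPLES = {
    "plain comment": b"Nice article, thanks!",
    "forum post quoting SQL": NOTE.encode(),
    # ZIP_STORED keeps file contents byte-for-byte inside the archive.
    "zip upload, stored": make_zip(NOTE, zipfile.ZIP_STORED),
}

def dry_run(samples, mode="log"):
    """Evaluate every sample and report what the rules would do to it."""
    return {name: inspect(body, mode) for name, body in samples.items()}

if __name__ == "__main__":
    for name, (action, hits) in dry_run(SAMPLES).items():
        print(f"{name:26} {action:6} {hits}")
```

Requests that come back as `log` here are the ones that would be rejected once the same rules are switched to `block`, which is the list to review when adjusting the configuration.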



