sunstarunicorn wrote: ↑2022-05-05, 20:45
Anon, where are you using the UA strings?
general.useragent.override.steamdb.info
general.useragent.override.dodi-repacks.site
etc.
Just checked and it looks like SteamDB lowered the "protection" level for their site. I can trigger the loop in my main browser profile by not sending the user agent header or "spoofing" the user agent, but sending the native UA passes through unmolested.
dodi-repacks.site still loops, as does a private forum that also uses Cloudflare.
gepus wrote: ↑2022-05-06, 19:45
C'mon people, Cloudflare's blocking is not an UserAgent issue.
Don't let you get fooled because it worked for a very short time with an override.
They do
feature detection (for fingerprinting). Their routine is probably optimized for the Chrome-engine.
The Firefox UA worked for a short time because they hadn't had enough time to properly fingerprint the new version of Firefox. Once enough people were using the new version, their systems picked up on the proper fingerprint and switched from passive to active, slamming the door in our faces. This also seems to indicate that if you have a large enough botnet you can trip up their artificial stupidity into mass-blocking legitimate browsers around the time of a new version release if you can force through more "normal" looking traffic than legitimate users.
I firmly believe their system is heavily optimized for the Chrome engine. It, by design, leaks private information and can't be reliably patched with addons. Being a part of Big Tech they want people to think Google Chrome and Edge "just work" and the safer, more private browsers have issues.
---RANT---
Also, something I've noticed, if you watch how fast it loops you can tell if you passed the fingerprinting or not. If it loops quickly it means you've been blocked because of the broken check. If the loop goes slowly, like it "hangs" for a few seconds between redirects, there's something you've done that has failed the fingerprinting. This side-channel attack on their system is some serious amateur-hour BS that shows the laughable level of competence of the people building their systems. I really hope nobody from, say, North Korea is watching this and realizes just how fragile Cloudflare has made half the internet...
---END RANT---
sunstarunicorn wrote: ↑2022-05-06, 20:42
P.S. - I know I'm preaching to the choir here, but this incident is really pushing my temper buttons.
Do I do what I need to get done today or do I post a thermonuclear rant? Decisions, decisions...