Cloudflare "Checking your browser" infinite redirect on multiple sites

For support with specific websites

Moderator: trava90

Forum rules
Please always mention the name/domain of the website in question in your topic title.
Please one website per topic thread (to help keep things organized). While behavior on different sites might at first glance seem similar, they are not necessarily caused by the same.

Please try to include any relevant output from the Toolkit Error Console or the Developer Tools Web Console using the following procedure:
  1. Clear any current output
  2. Navigate or refresh the page in question
  3. Copy and paste Errors or seemingly relevant Warnings into a single [ code ] block.
User avatar
sunstarunicorn
Moonbather
Moonbather
Posts: 62
Joined: 2016-04-07, 21:01

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by sunstarunicorn » 2022-05-06, 20:42

andyprough wrote:
2022-05-06, 19:12
This is being discussed on the ghacks.net website. Waterfox and earlier versions of Firefox are also being affected with the infinite redirects now. Looks like it's a big Cloudflare foul-up.
I hope this does blow up in their faces. It should. There are way too many companies that seem to think they have the right to dictate how people should be able to access the Internet. Other things, too, but I don't want to derail this thread.

If CloudFlare's product is meant to protect websites from DDOS attacks, then that should be their only focus. Not cherry-picking their Browser Detection scripts to ram Big Tech down our throats.

If Ghacks has enough influence and reach to embarrass CloudFlare enough to back down, then good for them. I, for one, will be cheering them on, all the way.

P.S. - I know I'm preaching to the choir here, but this incident is really pushing my temper buttons.
Then I shall name you Tinúviel Beria uin Morchaint, which means 'Daughter of Twilight protecting from the Shadows' in Elvish.

Once a King or Queen of Narnia, always a King or Queen.

He is not a tame Lion...but he is Good.

Connect, Respect, Protect

Let's Keep the Peace!

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by Moonchild » 2022-05-06, 21:03

gepus wrote:
2022-05-06, 19:45
C'mon people, Cloudflare's blocking is not an UserAgent issue.
if it wasn't, the changing the user agent string wouldn't have worked at all. So you're wrong.

It should blow up in their faces, indeed.

For the record, my feedback has been entered into the initial thread that was initially locked. I think my reasoning there is pretty straightforward and the main fact remains that using a user-agent string to verify "legitimacy" of a web client is totally wrong. User-agent sniffing as a practice has been wrong for decades already.
https://community.cloudflare.com/t/brow ... =moonchild

If you feel you have anything to add or if it enrages you, I suggest you add your feedback there as it seems to be the only place they are even accepting feedback at the moment. Direct account support certainly isn't.

Also, CloudFlare, if they want to offer this kind of service, should maintain an extensive list of all "legitimate" web browsers in use and every version's feature set. They should also provide website owners with a lot more information what they are doing with this "check" so webmasters can make informed decisions (i.e. make clear it's a footgun) whether they want this "feature" enabled or not. But ultimately if it's incomplete and prone to false positives as a result, they should NOT be preventing users from accessing websites as they are doing now just because they are using a less well-known browser.
The problem is also that if a website can't be reached, it becomes extremely difficult to send the webmaster of such sites a message that CloudFlare's "check' is blocking legitimate visitors.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Anon658153
Moongazer
Moongazer
Posts: 14
Joined: 2022-05-04, 05:32

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by Anon658153 » 2022-05-06, 21:09

sunstarunicorn wrote:
2022-05-05, 20:45
Anon, where are you using the UA strings?
general.useragent.override.steamdb.info
general.useragent.override.dodi-repacks.site
etc.

Just checked and it looks like SteamDB lowered the "protection" level for their site. I can trigger the loop in my main browser profile by not sending the user agent header or "spoofing" the user agent, but sending the native UA passes through unmolested.

dodi-repacks.site still loops, as does a private forum that also uses Cloudflare.
gepus wrote:
2022-05-06, 19:45
C'mon people, Cloudflare's blocking is not an UserAgent issue.
Don't let you get fooled because it worked for a very short time with an override.
They do feature detection (for fingerprinting). Their routine is probably optimized for the Chrome-engine.
The Firefox UA worked for a short time because they hadn't had enough time to properly fingerprint the new version of Firefox. Once enough people were using the new version, their systems picked up on the proper fingerprint and switched from passive to active, slamming the door in our faces. This also seems to indicate that if you have a large enough botnet you can trip up their artificial stupidity into mass-blocking legitimate browsers around the time of a new version release if you can force through more "normal" looking traffic than legitimate users.

I firmly believe their system is heavily optimized for the Chrome engine. It, by design, leaks private information and can't be reliably patched with addons. Being a part of Big Tech they want people to think Google Chrome and Edge "just work" and the safer, more private browsers have issues.

:evil: ---RANT--- :evil:
Also, something I've noticed, if you watch how fast it loops you can tell if you passed the fingerprinting or not. If it loops quickly it means you've been blocked because of the broken check. If the loop goes slowly, like it "hangs" for a few seconds between redirects, there's something you've done that has failed the fingerprinting. This side-channel attack on their system is some serious amateur-hour BS that shows the laughable level of competence of the people building their systems. I really hope nobody from, say, North Korea is watching this and realizes just how fragile Cloudflare has made half the internet...
:evil: ---END RANT--- :evil:
sunstarunicorn wrote:
2022-05-06, 20:42
P.S. - I know I'm preaching to the choir here, but this incident is really pushing my temper buttons.
Do I do what I need to get done today or do I post a thermonuclear rant? Decisions, decisions... :lol:

User avatar
gepus
Keeps coming back
Keeps coming back
Posts: 933
Joined: 2017-12-14, 12:59

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by gepus » 2022-05-06, 22:48

Moonchild wrote:
2022-05-06, 21:03
gepus wrote:
2022-05-06, 19:45
C'mon people, Cloudflare's blocking is not an UserAgent issue.
if it wasn't, the changing the user agent string wouldn't have worked at all. So you're wrong.
One of us two is wrong. That's for sure. ;)

The UserAgent override worked for a short time. It worked only because they lowered (on purpose or by accident) feature detection.
The UA spoof didn't work before (I tested with a general override) and doesn't work now.

You'll have to admit at least that CloudFlare is doing feature detection otherwise masking would work.
UserAgent spoofing can only work if CloudFlare lowers its "protection level" aka feature detection level.

BTW, CloudFlare knows exactly what it is doing.

User avatar
moonbat
Knows the dark side
Knows the dark side
Posts: 4942
Joined: 2015-12-09, 15:45
Contact:

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by moonbat » 2022-05-07, 05:48

For those of you fiddling with the UA - either PermissionsPlus or Sasuga will let you manage them more easily than directly fiddling with about:config.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Image
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by Moonchild » 2022-05-07, 07:12

gepus wrote:
2022-05-06, 22:48
CloudFlare knows exactly what it is doing.
Of course they do, but whether it is a sensible thing to do is an entirely different matter.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by Moonchild » 2022-05-07, 07:31

I got one of CloudFlare's "newsletters" and in it they are touting that they are doing away with CAPTCHAs for web access.
My educated guess is they are trying to automate everything so people aren't asked to use CAPTCHAs, but as a result they need to tighten their automatic checks to include what would normally trigger a CAPTCHA to users. And this is what we are running afoul of. Whether it's strict UA checking or whether it's "feature detection" (whichever features they may be...?) is irrelevant at this point, aside from being able to work around it or not.

I think the only thing their "engineering team" will listen to is a flood of complaints through website owners, so please do complain to websites if you run into this issue so they can either pass it one to CF or adjust their "security" level, or (preferably) both. of course there will be websites who just don't care about anything but Chromium (even if Pale Moon works fine) and won't do anything, but this has to be addressed. It's absolutely ridiculous that a so-called "integrity check" blocks independent, legitimate browsers. That's not an integrity check but rather making a walled garden out of part of the web. Are we really just going to let them do that?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

digitalaudiorock
Moonbather
Moonbather
Posts: 61
Joined: 2017-08-16, 14:12

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by digitalaudiorock » 2022-05-07, 09:22

Moonchild wrote:
2022-05-07, 07:31
I think the only thing their "engineering team" will listen to is a flood of complaints through website owners, so please do complain to websites if you run into this issue so they can either pass it one to CF or adjust their "security" level, or (preferably) both.
+1000. This is exactly what I did with a site where I have a paid membership and this is occurring. I was very nice about it, as the site it otherwise great and has no browser compatibility issues at all. They don't need to, as CF supplies those for them :roll: . Unreal.

This has forced me to use FF more than I have in a long time and all I can say is thank God for Palemoon. OMG...the annoying things that FF does are innumerable. One I just ran into is that every time you save a file, the little dialog that comes up in the upper right grabs focus, effectively disabling the keyboard on that page...and you can't even tab out of it...you literally have to use the mouse to click out of it. The Mozilla devs are assholes of the highest order.

User avatar
gepus
Keeps coming back
Keeps coming back
Posts: 933
Joined: 2017-12-14, 12:59

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by gepus » 2022-05-07, 09:43

Off-topic:
BTW, CloudFlare also needs to access your canvas image data for its "browser identity check" so it can prevent villains from accessing sites.
Attachments
CF.png

User avatar
Sajadi
Board Warrior
Board Warrior
Posts: 1226
Joined: 2013-04-19, 00:46

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by Sajadi » 2022-05-07, 09:56

In the end it comes down to this:

Cloudflare only accepts browsers anymore which are "state of the art" - aka supporting all the actual standards and shinies Google loves to throw into the wild and every browser who is not supporting all this garbage is left behind.

That is more than discrimination, this is almost criminal.

Welcome to a more non-free and restricted web where disgusting big companies control who and who is not allowed to enter certain places.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by Moonchild » 2022-05-07, 10:03

Sajadi wrote:
2022-05-07, 09:56
Welcome to a more non-free and restricted web where disgusting big companies control who and who is not allowed to enter certain places.
Moonchild wrote:
2022-05-07, 07:31
That's not an integrity check but rather making a walled garden out of part of the web.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Sajadi
Board Warrior
Board Warrior
Posts: 1226
Joined: 2013-04-19, 00:46

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by Sajadi » 2022-05-07, 10:34

Btw:

SteamDB seems to be pass the check with user agents like that here:

Mozilla/5.0 (X11; CrOS x86_64 14526.89.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.133 Safari/537.36
Mozilla/5.0 (iPod touch; CPU iPhone OS 12_3_1 like Mac OS X) AppleWebKit/604.5.6 (KHTML, like Gecko) FxiOS/100.0 Mobile/15E148 Safari/605.1.15

But the other pages still don't work even when using user agents like that ones here.

User avatar
Kuroji
Newbie
Newbie
Posts: 3
Joined: 2022-05-07, 12:03

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by Kuroji » 2022-05-07, 12:08

And isn't it so very interesting that the thread got locked within five minutes of that particular forum member replying, while ignoring the point that anyone but himself makes?

I find it remarkably interesting that Cloudflare has decided to outright police what browsers can access sites that they act as a gateway to, when this action has minimal utility in preventing DDOSes as their purported goal is.

User avatar
Moonraker
Board Warrior
Board Warrior
Posts: 1878
Joined: 2015-09-30, 23:02
Location: uk.

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by Moonraker » 2022-05-07, 13:49

Aha welcome to the future of the web..google way or no way at all.Let's just hope cloudflare has not set a trend in motion and others follow suit or we will soon not be able to navigate to ANY website unless a specific browser is used and i think we all know which browser that would be... :shock:

But of course google is not that evil..... :lol: :lol:
user of multiple puppy linuxes..upup,fossapup.scpup,xenialpup..... :thumbup:

Pale moon 29.4.1

User avatar
Sajadi
Board Warrior
Board Warrior
Posts: 1226
Joined: 2013-04-19, 00:46

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by Sajadi » 2022-05-07, 14:12

Moonraker wrote:
2022-05-07, 13:49
Aha welcome to the future of the web..google way or no way at all.Let's just hope cloudflare has not set a trend in motion and others follow suit or we will soon not be able to navigate to ANY website unless a specific browser is used and i think we all know which browser that would be... :shock:

But of course google is not that evil..... :lol: :lol:
Thats exactly the goal... Google... Cloudflare.... all the same black mass of greedy companies who support each others thirst for power. You can bet that this is only the beginning, and it will end not very pretty. It will be even worse than during the IE domination in the long forgotten past... :evil:

Everyone who has no Chrome feature set will be excluded. Its anti-competitive, its illegal monopolistic behavior - And Google is fully in control as every browser is forced to adopt more and more of their code. They manipulated and intentionally damaged Opera and Mozilla beyond recognition. And even if all the other browsers will be just another flavor of Chrome, Google can still argue that they allow "competition" in possible anti-trust investigations, as they know exactly that that "competition" is fully at their mercy as Google could pull instantly the plug with making the Chromium source code closed source, so Google has an army of loyal minions out there who come again and again for their rescue, if they want or not. And nobody cares if that "competition" uses the same engine as long as the branding is different :lol: :lol: :lol:

And Mozilla is clearly Google fanboy number 1 :evil: :evil: :evil:

User avatar
jouven
Hobby Astronomer
Hobby Astronomer
Posts: 15
Joined: 2021-04-28, 11:15

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by jouven » 2022-05-07, 14:41

I did some tests and chrome starts working at version 63, late 2017, prior versions get stuck in the check but don't loop as fast and stress the cpu like Pale moon does
The KianNH user from the cloudflare forums is a shill and misdirects the issue. Because the issue isn't that a browser is out-of-date (whatever that means), it's what's required to pass that check, which as far as I can tell it's not public
The elephant in the room is that when the check fails it doesn't say why or how, it doesn't provide the requirements to pass it. Another way to frame the issue is: if the requirements about how to pass the check aren't public why does chrome pass it?
Cloudflare is a browser gatekeeper

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by Moonchild » 2022-05-07, 14:45

What stings even more is that this project helped put Cloudflare on the map by being a very early adopter and providing positive references for them at a critical point in time.
They're quick to forget their roots now that they've grown huge.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
moonbat
Knows the dark side
Knows the dark side
Posts: 4942
Joined: 2015-12-09, 15:45
Contact:

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by moonbat » 2022-05-07, 14:51

Moonchild wrote:
2022-05-07, 14:45
They're quick to forget their roots now that they've grown huge.
Is it possible/desirable for you to switch to some other CDN provider?
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Image
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by Moonchild » 2022-05-07, 14:54

moonbat wrote:
2022-05-07, 14:51
Is it possible/desirable for you to switch to some other CDN provider?
That's not the issue here. The issue is all the other thousands of sites that use them. If they don't address this properly they are literally gating a large part of the Internet for us (and I assume a good bunch of other browsers).
For the record, I already pulled palemoon.org from their service. I still have a domain entry there for it but they don't control it.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
darkrats
Moongazer
Moongazer
Posts: 10
Joined: 2019-08-29, 17:51

Re: Cloudflare "Checking your browser" infinite redirect on multiple sites

Unread post by darkrats » 2022-05-07, 15:20

In general I'm not big on regulating the internet, but it seems to me that this is an opportunity for the Government to step up. After all, in other areas they get involved (as in ensuring high speed access to all etc). I don't know where they are based out of, but if Cloudfare isn't willing to allow all browsers to pass through their system on the way to all websites, they should be forced to by legislation in their own country or by international agreements. In a sense they are creating a monopoly on behalf of certain browser creators, and this shouldn't be allowed. Do we really want an internet where Cloudfare decides that only Google Chrome, for example, should be allowed to connect to websites? Sounds like a monopoly to me. Even if you want to run Internet Explorer 3 to surf the net, that should be your choice, whatever the security issues.

Locked