nat4200
Phoenix
![]()
Joined: Jan 11, 2011
Posts: 704
Location: BANNED
|
 Posted: Tue Mar 27, 2012 10:20 pm Post subject: |
 |
|
Redacted
Last edited by nat4200 on Sat Apr 21, 2012 2:49 am; edited 1 time in total |
|
| Back to top |
|
sliqua-jcooter
Phoenix
Joined: Jan 26, 2010
Posts: 814
Location: Burke, Virginia, USA
|
| Posted: Tue Mar 27, 2012 10:22 pm Post subject: |
|
|
| nat4200 wrote: | | sliqua-jcooter wrote: | | nat4200 wrote: | | sliqua-jcooter wrote: | | Cornflake wrote: | | sliqua-jcooter wrote: | | It's entirely possible that dynamic content is being loaded from one cloudflare location, and static content from another. |
Good point, and may go towards explaining why it was at least a week before I saw any Cloudflare error dialogs here when others on WP were already reporting them. |
As you so astutely put it before, since we don't have any real insight into the cloudflare caching platform, all we can do is guess - but this is my theory (I lack any kind of empirical evidence to back this up, but it seems to make sense in my head):
Something with how WP handles session timeouts is being interfered with by introducing cloudflare - so sessions are timing out when they shouldn't. This, in turn, is causing the session cookies to become irrelevant, and when WP tries to re-direct the user to a login page, it's passing some kind of variable that's tricking cloudflare into freaking out. |
This might be pedantic, but I thought the site's "session" at the client side did not use "session cookies". |
It doesn't *only* use session cookies (session tracking on a user-basis is done server-side) but pretty much any session-based web application has to use some kind of identifying cookie to track the client. |
Session cookies doesn't mean cookies used for session tracking. A session cookie is a cookie with no explicit expiry date that the browser deletes when all "sessions" it has with the site (or path) that cookie applies to are closed (eg. all tabs/windows which are open in the browser for the site) |
We're talking about two different contexts of "sessions".
_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned. |
|
| Back to top |
|
nat4200
Phoenix
![]()
Joined: Jan 11, 2011
Posts: 704
Location: BANNED
|
| Posted: Tue Mar 27, 2012 10:27 pm Post subject: |
|
|
Redacted
Last edited by nat4200 on Sat Apr 21, 2012 2:50 am; edited 1 time in total |
|
| Back to top |
|
MrXxx
Moderator/Enigmatus Paradoxius
Joined: May 12, 2010
Posts: 5678
Location: New England
|
| Posted: Tue Mar 27, 2012 10:43 pm Post subject: |
|
|
Just a quick update:
Three times now, consistant:
The page shows up for me only after being signed on for a long time (several hours), then begins to show up when any link is clicked. Every time, the only thing I have done is restart the browser, and it stops.
_________________
MrXxx is taking a long sabbatical, and no longer moderating. |
|
| Back to top |
|
nat4200
Phoenix
![]()
Joined: Jan 11, 2011
Posts: 704
Location: BANNED
|
| Posted: Tue Mar 27, 2012 11:18 pm Post subject: |
|
|
Redacted
Last edited by nat4200 on Sat Apr 21, 2012 2:50 am; edited 1 time in total |
|
| Back to top |
|
sliqua-jcooter
Phoenix
Joined: Jan 26, 2010
Posts: 814
Location: Burke, Virginia, USA
|
| Posted: Wed Mar 28, 2012 10:59 am Post subject: |
|
|
| nat4200 wrote: | | Individual Cloudflare server nodes pull traffic independently |
I feel comfortable assuming this is the case, as any other architecture just doesn't make sense.
| Quote: | | Certain nodes aren't whitelisted well enough and occasionally pull enough request from the actual WP servers that a security module on those WP servers (intended to handle DoS attacks or the like) puts them in a sin bin for a while |
I don't believe there is any such service on the server, but I'll double-check at some point today.
| Quote: | | Restarting one's browser or clearing certain cookies might make Cloudflare forget which server node a user has been allocated to, hence why restarting a browser makes the problem go away - after the restart the user is sent to a non-sin binned server node (this might also explain why some users have found they had to restart twice on some occasions - as they were conceiveably unlucky enough to be reallocated to the same server after the 1st restart) |
This seems unlikely, as I believe the cloudflare service is allocated to users by way of anycast DNS (which then may or may not hit a load balancer). Simply restarting the browser wouldn't clear the DNS cache local on the machine, much less the ISPs cache on the recursive DNS server.
| Quote: | | Despite the fact that I'm sure the servers are likely all whitelisted, etc. I think there's a certain "elegance" to this theory - such that I thought it worth sharing |
Good theory, just don't think it pans out.
_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned. |
|
| Back to top |
|
nat4200
Phoenix
![]()
Joined: Jan 11, 2011
Posts: 704
Location: BANNED
|
| Posted: Wed Mar 28, 2012 11:38 am Post subject: |
|
|
Redacted
Last edited by nat4200 on Sat Apr 21, 2012 2:50 am; edited 1 time in total |
|
| Back to top |
|
Lepidoptera
Sea Gull
Joined: May 10, 2008
Posts: 221
Location: Northern California
|
| Posted: Mon Apr 09, 2012 11:03 pm Post subject: |
|
|
| I had a Cloudflare issue today. When I went to WP I got a page that said my computer had a virus and I was blocked from the site. But it allowed me to enter the text from one of those nearly impossible to read graphics to prove I was a human and not a bot. I ran a disk scan with Eset for the Mac and no viruses were found. Now this evening the problem is gone. I'll take a screen shot if it returns. |
|
| Back to top |
|
sliqua-jcooter
Phoenix
Joined: Jan 26, 2010
Posts: 814
Location: Burke, Virginia, USA
|
| Posted: Mon Apr 09, 2012 11:37 pm Post subject: |
|
|
| Lepidoptera wrote: | | I had a Cloudflare issue today. When I went to WP I got a page that said my computer had a virus and I was blocked from the site. But it allowed me to enter the text from one of those nearly impossible to read graphics to prove I was a human and not a bot. I ran a disk scan with Eset for the Mac and no viruses were found. Now this evening the problem is gone. I'll take a screen shot if it returns. |
That's intended functionality.
_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned. |
|
| Back to top |
|
Lepidoptera
Sea Gull
Joined: May 10, 2008
Posts: 221
Location: Northern California
|
| Posted: Tue Apr 10, 2012 10:18 am Post subject: |
|
|
| sliqua-jcooter wrote: | | Lepidoptera wrote: | | I had a Cloudflare issue today. When I went to WP I got a page that said my computer had a virus and I was blocked from the site. But it allowed me to enter the text from one of those nearly impossible to read graphics to prove I was a human and not a bot. I ran a disk scan with Eset for the Mac and no viruses were found. Now this evening the problem is gone. I'll take a screen shot if it returns. |
That's intended functionality. |
It's intended to block clean computers? That doesn't make any sense. |
|
| Back to top |
|
sliqua-jcooter
Phoenix
Joined: Jan 26, 2010
Posts: 814
Location: Burke, Virginia, USA
|
| Posted: Tue Apr 10, 2012 11:22 am Post subject: |
|
|
| Lepidoptera wrote: | | sliqua-jcooter wrote: | | Lepidoptera wrote: | | I had a Cloudflare issue today. When I went to WP I got a page that said my computer had a virus and I was blocked from the site. But it allowed me to enter the text from one of those nearly impossible to read graphics to prove I was a human and not a bot. I ran a disk scan with Eset for the Mac and no viruses were found. Now this evening the problem is gone. I'll take a screen shot if it returns. |
That's intended functionality. |
It's intended to block clean computers? That doesn't make any sense. |
It's intended to block suspicious activity. That doesn't always mean your computer has a virus.
_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned. |
|
| Back to top |
|
nat4200
Phoenix
![]()
Joined: Jan 11, 2011
Posts: 704
Location: BANNED
|
| Posted: Tue Apr 10, 2012 5:07 pm Post subject: |
|
|
Redacted
Last edited by nat4200 on Sat Apr 21, 2012 3:03 am; edited 2 times in total |
|
| Back to top |
|
sliqua-jcooter
Phoenix
Joined: Jan 26, 2010
Posts: 814
Location: Burke, Virginia, USA
|
| Posted: Tue Apr 10, 2012 5:18 pm Post subject: |
|
|
| nat4200 wrote: | | sliqua-jcooter wrote: | | Lepidoptera wrote: | | sliqua-jcooter wrote: | | Lepidoptera wrote: | | I had a Cloudflare issue today. When I went to WP I got a page that suggested my computer may have a virus and I was blocked from the site until I completed a "captcha" ie. to prove I was a human and not a bot. I ran a disk scan with Eset for the Mac and no viruses were found. Now this evening the problem is gone. I'll take a screen shot if it returns. |
That's intended functionality. |
It's intended to challenge clean computers? That doesn't make any sense. |
It's intended to challenge after picking up possibly suspicious activity. That doesn't always mean your computer has a virus or that there is actually anything wrong at all[?] |
^FTFY (changes in red).
I've had this message once and was using an uncompromised Ubuntu Linux desktop at the time (on a connection with a static IP and the few machines on the LAN all being mine), I don't know what heuristics were tripped to 'spook' Cloudflare (I was browsing normally) but I didn't think completing the captcha was unreasonable (I would probably mind only if I was prompted frequently).
Lepidoptera: Suggest you clarify: on the day you encountered the message did you just get it the once, or did you get it many times? (eg. load a page, prompt with catptcha... change pages, prompted again) |
Cloudflare's security will temporarily whitelist anyone who successfully completes a captcha.
I don't know what Cloudflare is actually looking at or tripping up on - and I'm not going to debate the merits of such software. The decision on what Cloudflare features are enabled/disabled is entirely up to Alex. All I'm saying is this is not an instance of a misconfiguration of Cloudflare, or any other kind of unintentional behavior.
_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned. |
|
| Back to top |
|
nat4200
Phoenix
![]()
Joined: Jan 11, 2011
Posts: 704
Location: BANNED
|
| Posted: Tue Apr 10, 2012 6:13 pm Post subject: |
|
|
Redacted
Last edited by nat4200 on Sat Apr 21, 2012 3:04 am; edited 1 time in total |
|
| Back to top |
|
sliqua-jcooter
Phoenix
Joined: Jan 26, 2010
Posts: 814
Location: Burke, Virginia, USA
|
| Posted: Tue Apr 10, 2012 8:07 pm Post subject: |
|
|
I posted what I did to pre-empt any further discussion about a non-issue.
This thread has gathered quite a lot of attention, and a lot of eyes are on here looking for configuration issues with cloudflare that are degrading users' ability to use the site. I don't want to distract from that with issues that aren't actually issues at all.
If you want to take up the cloudflare security features any further than it's been taken up to this point, it would be a much better idea to start a new thread on the topic instead of derailing this one.
_________________
Nothing posted here should be construed as the opinion or position of my company, or an official position of WrongPlanet in any way, unless specifically mentioned. |
|
| Back to top |
|
|
|
