Most active commenters

    ←back to thread

    Tell HN: Cloudflare is blocking Pale Moon and other non-mainstream browsers

    1343 points Hold-And-Modify | 17 comments | 05 Feb 25 19:08 UTC | HN request time: 1.049s | source | bottom

    Hello.

    Cloudflare's Browser Intergrity Check/Verification/Challenge feature used by many websites, is denying access to users of non-mainstream browsers like Pale Moon.

    Users reports began on January 31:

    https://forum.palemoon.org/viewtopic.php?f=3&t=32045

    This situation occurs at least once a year, and there is no easy way to contact Cloudflare. Their "Submit feedback" tool yields no results. A Cloudflare Community topic was flagged as "spam" by members of that community and was promptly locked with no real solution, and no official response from Cloudflare:

    https://community.cloudflare.com/t/access-denied-to-pale-moo...

    Partial list of other browsers that are being denied access:

    Falkon, SeaMonkey, IceCat, Basilisk.

    Hacker News 2022 post about the same issue, which brought attention and had Cloudflare quickly patching the issue:

    https://news.ycombinator.com/item?id=31317886

    A Cloudflare product manager declared back then: "...we do not want to be in the business of saying one browser is more legitimate than another."

    As of now, there is no official response from Cloudflare. Internet access is still denied by their tool.

    Show context
    zlagen ◴[05 Feb 25 19:35 UTC] No.42953898[source]
    I'm using chrome on linux and noticed that this year cloudflare is very agressive in showing the "Verify you are a human" box. Now a lot of sites that use cloudflare show it and once you solve the challenge it shows it again after 30 minutes!

    What are you protecting cloudflare?

    Also they show those captchas when going to robots.txt... unbelievable.

    replies(17): >>42954054 #>>42954451 #>>42954784 #>>42954904 #>>42955172 #>>42955240 #>>42955949 #>>42956893 #>>42957248 #>>42957383 #>>42957406 #>>42957408 #>>42957698 #>>42957738 #>>42957782 #>>42958180 #>>42960458 #
    1. rurp ◴[05 Feb 25 21:14 UTC] No.42955240[source]
    Cloudflare has been even worse for me on Linux + Firefox. On a number of sites I get the "Verify" challenge and after solving it immediately get a message saying "You have been blocked" every time. Clearing cookies, disabling UBO, and other changes make no difference. Reporting the issue to them does nothing.

    This hostility to normal browsing behavior makes me extremely reluctant to ever use Cloudflare on any projects.

    replies(11): >>42955435 #>>42955476 #>>42955584 #>>42956165 #>>42956734 #>>42956862 #>>42957307 #>>42957578 #>>42957641 #>>42958547 #>>42958853 #
    2. nbernard ◴[05 Feb 25 21:29 UTC] No.42955435[source]
    Check that you are allowing webworker scripts, that did the trick for me. I still have issues on slower computers (Raspberry pies and the like) as they seem to be to slow to do whatever Cloudflare wants as a verification in the allotted time, however.
    3. lta ◴[05 Feb 25 21:32 UTC] No.42955476[source]
    Yeah, same here. I've avoided it for a most of my customers for that very reason already
    4. sleepybrett ◴[05 Feb 25 21:40 UTC] No.42955584[source]
    Yeah, Lego and Etsy are two sites I can now only visit with safari. It sucks. Firefox on the same machine it claims I'm a bot or a crawler. (not even on linux, on a mac)
    5. mmh0000 ◴[05 Feb 25 22:24 UTC] No.42956165[source]
    At least you can get past the challenge. For me, every-single-time it is an endless loop of "select all bikes/cars/trains". I've given up even trying to solve the challenge anymore and just close the page when it shows up.
    replies(1): >>42957863 #
    6. a_imho ◴[05 Feb 25 23:15 UTC] No.42956734[source]
    I'm a Cloudflare customer, even their own dashboard does not work with linux+slightly older firefox. I mean one click and it is ooops, please report the error to dev null
    7. ponector ◴[05 Feb 25 23:27 UTC] No.42956862[source]
    Sounds like my experience browsing internet while connected to the VPN provided by my employer: tons of captcha and everything is defaulted to German (IP is from Frankfurt).
    8. Springtime ◴[06 Feb 25 00:16 UTC] No.42957307[source]
    I run a few Linux desktop VMs and Cloudflare's Turnstile verification (their auto/non-input based verification) fails for the couple sites I've tried that use it for logins, on latest Chromium and Firefox browsers. Doesn't matter that I'm even connecting from the same IP.

    I'd presumed it was just the VM they're heuristically detecting but sounds like some are experiencing issues on Linux in general.

    replies(1): >>42958329 #
    9. neodymiumphish ◴[06 Feb 25 00:51 UTC] No.42957578[source]
    Does it still apply if you change the UA to something more common (Chrome on Windows or something)?
    replies(1): >>42957997 #
    10. theamk ◴[06 Feb 25 01:32 UTC] No.42957863[source]
    that's not Cloudflare, they stopped doing pictures years ago. You can tell because Cloudflare always puths their brand name on their page.

    Cloudflare just blocks you without recourse nowdays.

    replies(2): >>42957935 #>>42960468 #
    11. jcelerier ◴[06 Feb 25 01:44 UTC] No.42957935{3}[source]
    > Cloudflare just blocks you without recourse nowdays.

    looks like someone is due for a class action

    12. beepbooptheory ◴[06 Feb 25 01:50 UTC] No.42957997[source]
    Fwiw, I was getting cloudflare blocked for a long time on Firefox+Linux and the only thing that fixed it was completely disabling the UA adjuster browser extension I had installed.
    13. abirch ◴[06 Feb 25 02:35 UTC] No.42958329[source]
    I guess it’s time to update our user agent strings like I did with konquerer 20 years ago.

    Looks like there’s a plugin for that https://chromewebstore.google.com/detail/user-agent-switcher...

    14. ranger_danger ◴[06 Feb 25 03:11 UTC] No.42958547[source]
    The problem is that you are not performing "normal browsing behavior". The vast majority of the population (at least ~70% don't use ad-blockers) have no extensions and change no settings, so they are 100% fingerprintable every time, which lets them through immediately.
    15. globalnode ◴[06 Feb 25 03:50 UTC] No.42958853[source]
    linux + firefox. not sure what happened to me yesterday but the challange/response thing was borked and when i finally got through it all, it said i was a robot anyway. this was while trying to sign up for a skype acct, could have been a ms issue though and not necessarily cloudflare. i think the solution is to just not use obstructive software. thanks to this issue i discovered jitsi and that seems more than enough for my purposes.
    16. trinix912 ◴[06 Feb 25 08:56 UTC] No.42960468{3}[source]
    It is Cloudflare, I see it too. It's a Cloudflare page, with all branding, the spinning circle, then a captcha pops up on the same Cloudflare-branded page.
    replies(1): >>42966342 #
    17. theamk ◴[06 Feb 25 20:48 UTC] No.42966342{4}[source]
    Interesting! Do you have have a URL I could look at?