1343 points Hold-And-Modify | 3 comments

Hello.

Cloudflare's Browser Integrity Check/Verification/Challenge feature, used by many websites, is denying access to users of non-mainstream browsers like Pale Moon.

User reports began on January 31:

https://forum.palemoon.org/viewtopic.php?f=3&t=32045

This situation occurs at least once a year, and there is no easy way to contact Cloudflare. Their "Submit feedback" tool yields no results. A Cloudflare Community topic was flagged as "spam" by members of that community and was promptly locked with no real solution, and no official response from Cloudflare:

https://community.cloudflare.com/t/access-denied-to-pale-moo...

Partial list of other browsers that are being denied access:

Falkon, SeaMonkey, IceCat, Basilisk.

Hacker News 2022 post about the same issue, which brought attention and had Cloudflare quickly patching the issue:

https://news.ycombinator.com/item?id=31317886

A Cloudflare product manager declared back then: "...we do not want to be in the business of saying one browser is more legitimate than another."

As of now, there is no official response from Cloudflare. Internet access is still denied by their tool.

slothsarecool ◴[] No.42955234[source]
Cloudflare is actually pretty upfront about which browsers they support. You can find the whole list right in their developer docs. This isn't some secret they're trying to hide from website owners or users - it's right here https://developers.cloudflare.com/waf/reference/cloudflare-c... - My guess is that there is no response because not one of the browsers you listed is supported.

Think about it this way: when a framework (many modern websites) or CAPTCHA/Challenge doesn't support an older or less common browser, it's not because someone's sitting there trying to keep people out. It's more likely they are trying to balance the maintenance costs and the hassle involved in allowing or working with whatever other many platforms there are (browsers in this case). At what point is a browser relevant? 1 user? 2 users? 100? Can you blame a company that accommodates for probably >99% of the traffic they usually see? I don't think so, but that's just me.

At the end, site owners can always look at their specific situation and decide how they want to handle it - stick with the default security settings or open things up through firewall rules. It's really up to them to figure out what works best for their users.

replies(3): >>42955422 #>>42956415 #>>42966774 #
Hold-And-Modify ◴[] No.42955422[source]
Not exactly. They say:

"Challenges are not supported by Microsoft Internet Explorer."

Nowhere is it mentioned that internet access will be denied to visitors not using "major" browsers, as defined by Cloudflare presumably. That wouldn't sound too legal, honestly.

Below that: "Visitors must enable JavaScript and cookies on their browser to be able to pass any type of challenge."

These conditions are met.

replies(2): >>42955634 #>>42959835 #
slothsarecool ◴[] No.42955634[source]
> *If your visitors are using an up-to-date version of a major browser they will receive the challenge correctly.*

I'm unsure what part of this isn't clear, major browsers, as long as they are up to date, are supported and should always pass challenges. Pale Moon isn't a major browser, neither are the other browsers mentioned on the thread.

> *Nowhere is it mentioned that internet access will be denied to visitors not using "major" browsers*

Challenge pages are what your browser is struggling to pass, you aren't seeing a block page or a straight up denying of the connection, instead, the challenge isn't passing because whatever update CF has done, has clearly broken the compatibility with Pale Moon, I seriously doubt this was on purpose. Regarding those annoying challenge pages, these aren't meant to be used 24/7 as they are genuinely annoying, if you are seeing challenge pages more often than you are on Chrome, it's likely that the site owner is actively flagging your session to be challenged, they can undo this by adjusting their firewall rules.

If a site owner decides to enable challenge pages for every visitor, you should shift the blame on the site owner's lack of interest in properly tuning their firewall.

replies(2): >>42955782 #>>42956561 #
1. ricardobeat ◴[] No.42955782[source]
So.. no new browsers should ever be created? Or only created by people with enough money to get CloudFlare onboard from the start? Nothing new will ever become major if they're denied access to half the web.
replies(1): >>42955932 #
2. slothsarecool ◴[] No.42955932[source]
You can create a new browser, there are plenty of modern new browsers that aren't considered major and work just fine because they run on top of recent releases of Chromium.

There are actually hundreds of smaller Chromium forks that add small features, such as built-in adblock and have no issues with either Cloudflare or other captchas.

replies(1): >>42955944 #
3. ricardobeat ◴[] No.42955944[source]
I think it's pretty clear this is about browser engines. If your view holds then Servo (currently #3 story on the front page) will never make it.