←back to thread

Tell HN: Cloudflare is blocking Pale Moon and other non-mainstream browsers

1343 points Hold-And-Modify | 3 comments | 05 Feb 25 19:08 UTC | HN request time: 0.204s | source

Hello.

Cloudflare's Browser Intergrity Check/Verification/Challenge feature used by many websites, is denying access to users of non-mainstream browsers like Pale Moon.

Users reports began on January 31:

https://forum.palemoon.org/viewtopic.php?f=3&t=32045

This situation occurs at least once a year, and there is no easy way to contact Cloudflare. Their "Submit feedback" tool yields no results. A Cloudflare Community topic was flagged as "spam" by members of that community and was promptly locked with no real solution, and no official response from Cloudflare:

https://community.cloudflare.com/t/access-denied-to-pale-moo...

Partial list of other browsers that are being denied access:

Falkon, SeaMonkey, IceCat, Basilisk.

Hacker News 2022 post about the same issue, which brought attention and had Cloudflare quickly patching the issue:

https://news.ycombinator.com/item?id=31317886

A Cloudflare product manager declared back then: "...we do not want to be in the business of saying one browser is more legitimate than another."

As of now, there is no official response from Cloudflare. Internet access is still denied by their tool.

Show context
windsignaling ◴[05 Feb 25 21:30 UTC] No.42955454[source]
As a website owner and VPN user I see both sides of this.

On one hand, I get the annoying "Verify" box every time I use ChatGPT (and now due its popularity, DeepSeek as well).

On the other hand, without Cloudflare I'd be seeing thousands of junk requests and hacking attempts everyday, people attempting credit card fraud, etc.

I honestly don't know what the solution is.

replies(15): >>42955722 #>>42955733 #>>42956022 #>>42956059 #>>42956088 #>>42956502 #>>42957016 #>>42957235 #>>42959074 #>>42959436 #>>42959515 #>>42959590 #>>42963545 #>>42963562 #>>42966987 #
1. lynndotpy ◴[05 Feb 25 22:50 UTC] No.42956502[source]
> On the other hand, without Cloudflare I'd be seeing thousands of junk requests and hacking attempts everyday, people attempting credit card fraud, etc. > > I honestly don't know what the solution is.

The solution is good security-- Cloudflare only cuts down on the noise. I'm looking at junk requests and hacking attempts flow through to my sites as we speak.

replies(2): >>42963467 #>>42964184 #
2. lynndotpy ◴[06 Feb 25 15:46 UTC] No.42963467[source]
Whoops-- this was a draft I didn't intend to post in this state. I must have fatfingered the "reply" button somehow. Alas, too late to edit or delete now.

Cloudflare cuts down on the noise, but also helps does the work of preventing scrapers, people who re-sell your site wholesale, and cutting down on the noise also means cutting down on the cost of network requests.

It also can help where security is lax. You should have measures against credential stuffing, but if you don't, Cloudflare might prevent (some) of your users from being hacked. Which isn't good enough, but is better than no mitigation at all.

I don't use Cloudflare personally, but I won't dismiss it wholesale. I understand why people use it.

3. carlosjobim ◴[06 Feb 25 16:50 UTC] No.42964184[source]
>Cloudflare only cuts down on the noise.

That sounds like the solution, that sounds like good security.