Is your Firefox blocked by Cloudflare in recent weeks? (e.g., Gitlab)

This is a growing problem. As far as I'm aware, Cloudflare does not collect or report these type of metrics because if they did, they could be abused.

There is no way to actually know who is or isn't a bot. The methodology for bot detection changes dramatically, isn't published, often isn't well tested, and fails to fully capture turing tests in any meaningful way. Its all about forcing more requirements on the user, where the more unique the user is, the more likely its a user and counting all blocks as a net win. The only problem is it drives surveillance capitalism, and its a flawed assumption.

Maybe you should start an end-user Firefox extension/platform that aggregates where it checks for these, and allows the user to self-report when it fails (or detect and show repeat failures.

All the time. How the hell did the world decide to elect this company gatekeeper of what was supposed to be the world wide web? How did this corporation suddenly assume powers to block what was supposed to be the most open communications medium of all time?

...odd isn't it?

> I see a various complaints about CloudFlare blocking GitLab online, with various explanations. Sometimes, the user is blamed for not figuring out how they're not complying with whatever CloudFlare is trying to do (like the user is some divergent citizen, to be denied rights, in some Kafkaesque authoritarian police state).

You should blame Gitlab too, they configured it.

Since cloudflare was mentioned I figured it was tls fingerprinting and bot detection related. Issue and workaround discussed at https://gitlab.com/gitlab-com/gl-infra/reliability/-/issues/...

I can repro this in Chrome too when I have NextDNS as the DNS through our fiber connection. If I for example switch my phone to 4G it will let me through. I haven't dug into it yet as to why, there's nothing in the NextDNS block logs that looks relevant. But interestingly enabling NextDNS over 4G doesn't break it with the same settings.

I did take the rather unprecedented approach to blocking all DNS traffic to anything but our router (because Android was ignoring my DNS settings and using its own... ), breaking my internal dns resolution. Making DNS queries wonder from JS would be new to me... (I didn't think that was possible).

I'll dig more tonight.

I don't use GitLab but I do use Firefox for almost all my home and work browsing[1] and haven't had this problem with other sites which use cloudflare. I do use both ublock origin and advanced tracking protection always so I'm going to say the problem is with some configuration gitlab is doing rather than with cloudflare.

[1] Exceptions being mobile, if I am specifically testing something and certain work situations where I am currently testing a locked-down web browser called "island"[2] which seems to be a chrome fork which gives Enterprise IT control over a bunch of stuff.

[2] https://www.island.io/

I've stopped visiting couple of sites because of CloudFlare. I keep using old Firefox with no scripts or ocassionally with uMatrix.

Cloudflare put me in a never-ending loop when trying to access SourceForge from Edge with default settings, on my home network, with no VPN or anything. Maybe because it was my infrequently used laptop that probably doesn’t have all the latest updates yet?

I have no idea what the problem was, but the “verify you’re human” thing never worked. Pretty annoying…

I don't use GitLab that often, but I've never had any issue with it. I'm rarely if ever logged into my account when I stumble there. Latest was yesterday morning.

I'm using latest Firefox on Linux, with advanced tracking protection as well as uBlock Origin and uMatrix for good measure. The latter isn't configured to turn itself off on Gitlab.

>I suspect that sites don't know when CloudFlare is false-positive blocking legitimate visitors and costing them customers

So let them know. Put a value on it too. Then maybe they’ll be more careful in dismissing “false positives” as a business cost (especially for someone like GitLab competing for business).

I get the CF deathloop if any of the options related to Referer are not default.

I've had no issues accessing sites using CloudFlare in Firefox myself.

I use Firefox Developer Edition exclusively and work using GitLab (SaaS) daily. I also have uBlock Origin installed. I have never had an issue.

These days, when I encounter a cloudflare "solve this captcha" page I hit C-w so fast it's probably illegal

its maybe just the site your visiting on that has traffic.

for instance i have noticed the same on the chatgpt page. I have to "verify" a lot which is just another sign for "we are overloaded at the moment"

At least thats how i interpreted it so far. Im using Ferdium which has integrated firefox

I wouldn’t know, for Gitlab disabled my account name of 7 years due to inactivity.

Only old.reddit for some short time, but this was resolved soon

Yes! The worst part about it is the infinite loop of captchas.

Nop, although I'm using librewolf.

Don't support Cloudflare by moving to another platform or just use chrome. There is no point in using firefox for privacy if you have to turn fingerprinting in regardless (that's the workaround).