Cloudflare Drop(cloudflare.com) |
Cloudflare Drop(cloudflare.com) |
Desktop mode doesn't show any more information either
And then sell its denizens malice protection services.
Kevlar:
https://developers.cloudflare.com/bots/ https://www.cloudflare.com/products/turnstile/
Guns:
https://support.cloudflarewarp.com/
To be fair, CF mainly develops defensive cybersecurity products, the extent to which their tools might be used maliciously is pretty on par with other regular tools.
But, it just has bad optics and potential COI/Racketeering when CF is at both sides of the counter.
To be explicit, in case it isn't obvious,Cloudflare emerged as a DDoS protection company, detecting attacks from distributed sources is part of the raison d'etre, and domains and IP addresses are a key part of that infrastructure.
By subletting their own IP addresses for navigation with warp, and their own domains for hosting of webcontent with subdomain hosting, they are providing pooled anonimity for their customers, which is precisely what makes it very hard for defenders on the other side to implement foundational security measures like IP bans, or IP block bans, or domain bans, or Whois/RDAP domain analysis.
I have been hosting static websites with cloudflare for years and finding how to do it on the UI is getting harder as they add more things and reoranize.
But that won't stop people doing bad stuff for an hour I guess. Vibe code up some on-demand thing that you ping...
I have no idea what guardrails they have in place in the background that blocks malware, CSAM, warez and such on their free accounts.
I honestly miss those days of deployment simplicity.
Also it seems to me that this is a good way to exfiltrate data, rubber stamped by cloudflare themselves.
Is this a product or what? What's the purpose? Is there an API?
I ended up just embedding them directly in the HTML as base64 and sending him a 15mb file, but hypothetically this would have been a nice solution instead.
However, I see the appeal of this. Kind of surprised it hasn't happened yet to be honest.
I tried uploading a git repository that I have previously successfully published on Github pages. This is a "no build" website I have built with the help of Claude. It should just work but I keep getting an error. Who can I reach out to give them steps to reproduce? The website repository is public and I feel like anyone at Cloudflare who wants to reproduce my problem can quite literally clone my repo and upload it to cloudflare drop.
Please drop your cloudflare email address and I will reach out to you with my repository information.
I have a few qualms with this app.
"Something went wrong An unexpected error occurred. Please try again or contact support."
"Please upload a screenshot of the error by dragging a zip of the png file."
Note how the error has zero information.
Looking in the network tab, a POST request to /upload returned 403 and an HTML page starting with "Sorry, you have been blocked", and to "email the site owner to let them know you were blocked".
I'm very tired of this adversarial approach to software coupled with vague errors.
EDIT: it was the file './git/hooks/fsmonitor-watchman.sample' created by default on git init. Maybe because it's Perl. Worse-than-useless "please try again" and "you've been blocked" for committing the sin of uploading a folder that's a git repository. Sigh...