Aside from reporting it on Cloudflare’s forum, there appears to be little users can do, and the company doesn’t seem to be paying attention.
Cloudflare is one of the giants of content distribution network. As well as providing fast local caches of busy websites, it also attempts to block bot networks and DDoS attacks by detecting and blocking suspicious activity. Among other things, being “suspicious” includes machines that are part of botnets and are running scripts. One way to identify this is by looking at the browser agent and, if it’s not from a known browser, blocking it. This is a problem if the list of legitimate browsers is especially short and only includes recent versions of big names such as Chrome (and its many derivatives) and Firefox.
The problem isn’t new, and whatever fixes or updates occasionally resolve it, the relief is only temporary and it keeps recurring. We’ve found reports of Cloudflare site-blocking difficulties dating back to 2015 and continuing through 2022.
In the last year, The Register has received reports of Cloudflare blocking readers in March, again in July 2024, and earlier this year in January.
Users of recent versions of Pale Moon, Falkon, and SeaMonkey are all affected. Indeed, the Pale Moon release notes for the most recent couple of versions mention that they’re attempts to bypass this specific issue, which often manifests as the browser getting trapped in an infinite loop and either becoming unresponsive or crashing. Some users of Firefox 115 ESR have had problems, too. Since this is the latest release in that family for macOS 10.13 and Windows 7, it poses a significant issue. Websites affected include
science.org,steamdb.info,convertapi.com, and – ironically enough –community.cloudflare.com.According to some in the Hacker News discussion of the problem, something else that can count as suspicious – other than using niche browsers or OSes – is something as simple as asking for a URL unaccompanied by any referrer IDs. To us, that sounds like a user with good security measures that block tracking, but it seems that, to the CDN merchant, this looks like an alert to an action that isn’t operated by a human.
Making matters worse, Cloudflare tech support is aimed at its corporate customers, and there seems to be no direct way for non-paying users to report issues other than the community forums. The number of repeated posts suggests to us that the company isn’t monitoring these for reports of problems.
[…]
Source: Cloudflare blocking Pale Moon and other browsers • The Register
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft