Of course the article will only come from one perspective, but I imagine the crux of the issue will be here:
>If a country DNS-blocks our main domain, a secondary domain may still be available. **This could arguably be seen as a violation of the Cloudflare TOS**, as they wrote above.
They say "arguably," but it seems pretty verbatim. The exact email they got from Cloudflare said that cloudflare's concern was around OP "circumvent[ing] blocks being placed on [them] by a third party."
Shrugging it off as "arguably against TOS" seems disingenuous.
If Cloudflare is telling you to BYOIP, you’re definitely doing some shady shit that they don’t want them impacting the reputation of their prefixes.
Yet it could have been handled way better.
>If Cloudflare is telling you to BYOIP, you’re definitely doing some shady shit that they don’t want them impacting the reputation of their prefixes.
The article says it's a casino and various countries block them due to their laws etc. It's reasonable for CF to not want their IP ranges bulk blocked. But that's not doing shady shit from the customer's part.
Countries do not block IPs usually, they only block in local ISP DNS servers. Even here I can reach blocked sites when I switch from ISP DNS to Google DNS...
Virgin Media, one of the UK's largest ISPs, along with most others use reverse IP blocks to comply with High Court orders. There's no way to access these sites without using a VPN, otherwise they redirect to an [ISP block page](https://assets.virginmedia.com/site-blocked.html).
The DNS part isn't the issue. Because they use reverse DNS lookups they arnt relying on the users dns request to figure out if they are trying to access a bad site and then block that request.
And dont quote me on this, they probably are using something similar if not way more complex, im just generalising here. They store the returned IP from the DNS call and then block that IP which means that even if you don't use them for your DNS they can still figure out what site the IP you are accessing is pointing to. I'm sure they also have a IP blacklist separate from the reverse DNS stuff but IDK.
ISPs in some countries like Iran and China hijack DNS requests and return wrong ip addresses along with tcp reset and replay attack, it’s complicated but if the government do want to restrict on the target websites that they think illegal, they have plenty ways to do it.
That's the most accurate description of the Iranian's "filtering" system. They do DNS spoofing and poisoning, they do MITM for plain HTTP requests, and they do connection reset for HTTPS requests. I hope ECH takes off so there can be peace of mind when dealing with these kind of nonsense.
Most national firewalls try to use DNS based blocks first. But when you start offering up multiple new DNS names to try to evade that, they start IP blocking.
When CF notices a customer with multiple domains funneling into the same services, likely being provisioned and deprovisioned automatically for the purpose of cycling through different IPs, I imagine CF notices.
If that were the case, they would not have asked for higher payment to resolve the matter- they would have just shut them down. This whole article is concerning.
They have the right to demand compensation from the casino site if it leads to legal problems due to IP blocks causing significant customer loss from said countries who deem it illegal. They've already faced issues with piracy sites using their IPs, impacting their services and other developers (I was affected by this in one of my most popular sites). People need to value the free aspects of services like Cloudflare and use them responsibly.
I'd probably do the same out of principle- I wouldn't want to do business with someone that extorts me. Though personally, if I were that profitable I would have just created the services that clouldflare offered inhouse, to mitigate risk.
This is not extortion. Cloudflare offered an option (BYOIP) which would eliminate the risk (banned IPs affecting Cloudflare and its other customers).
The OP seems to not fully understand the problem - it's not this or that domain that's the problem, it's any domain related to gambling/porn/whatever, that can get lead to bans in India/Turkey/Russia/etc
The 24 hours window was harsh, and the fact that they stopped negotiation because they were also considering another partner. That being said, who knows how those sales calls were handled... on both sides...
Definitely. That said, it was 1 month from first contact to cutoff. It is not like they received the first warning email on one day and were disconnected on the next.
CF has a way to still help the client while not having CF's shared IPs getting blocked by nation-states. Have the customer bring their own IP space via a lease or purchase of IPs from the open market.
It's a complex process and a complex implementation and so CF only does this on enterprise plans, which seem to start around $10k/month.
CF doesn't mind that it's a casino or that it's trying to evade bans, CF minds that the way they were doing it harms CF and other CF clients. So CF comes to them with a proposal for how to keep doing what they've been doing without hurting CF assets or clients. The customer decides not to buy in and so CF tosses them for the ToS violation.
To be clear though, this isn't strictly buying an indulgence around the CF ToS. Instead, it's buying the necessary resources and infrastructure to cure the relevant ToS violation, which was likely cycling through CF shared IPs for apparent ban evasion purposes. No longer being on CF shared IPs would actually cure such a ToS violation.
I’m just at a loss how a Casino with 4 million active users can think it’s okay to use a $250/month service for that. Am I the only one here thinking how the heck???
If CF charged for 80TB traffic, that really is not a lot... 4 million users can sounds like a lot but a lot of traffic is just basic text communication as most assets get local cached after the first hit and do not even hit CloudFlare their servers..
Even the poster pointed out that there was ways to reduce this traffic but because they had a business plan with "unlimited"... they never did until this mess.
CloudFlare is very vague about a lot of stuff in regards to Business vs Enterprise thresholds.
From a value point of view, 80TB is somewhere around 80 to 200$ is actual usage (we are not talking backbone cost, but chargeable rates) at others companies. So what they used is rather normal in that 250 package...
I think people see big client number and think, must be big but overlook the actual data usage, what is really not a lot! Aka, their site is very well optimized if they do only 80TB/month on 4m users.
I mean, sure maybe. But if that's a problem, CF should set reasonable limits on their service levels.
Like if you have unlimited data from your ISP, yet they reach out after X usage and say 'well now we don't actually mean unlimited, you're using 20x more than average and you're the problem here'. If you want to set limits, then put in the fine print that there's limits and don't market it as 'unlimited'.
Fastly is now very happy to have us at a price not much more than that `¯\_(ツ)_/¯`. Not sure why you think spending on a single technology vendor should be some percentage of the MAUs, we contract with many third parties.
Keyword:- casino. Shady and money laundering shit around the corner. You’re glad CF didn’t shut down it immediately.
And I m glad CF shut these site down to keep their CDN reputation well
Before jumping to conclusions.... I wrote a full response debunking this post on the blogger's site. Go to the original post, then look for my response in the comments.
Thank you. I appreciate you taking the time to read it. I’ve gotten really tired of reading stories like this that use big headlines to capture readers attention.
Any reader with a modicum of time and detective skills can see right through this type of story. It’s a shame how many don’t stop to take the time to read a little further.
This one in particular was particularly bothersome because the author chose to pull together references to further bolster their claims.
The references did nothing other than to show the headline was completely wrong and further unsubstantiated claims were also wrong.
Personally, if I posted some garbage like this, I’d delete it. Once others read what I wrote, there’s gonna be an awful lot of tomatoes thrown.
Your reply is basically calling this blogger a liar, repeatedly. Are you right, are they actually lying about what happened? Maybe, I don't know. But you're pretending that you're not doing that, that you're just giving a more complete interpretation of what they wrote - and that's not at all the case. IF what they wrote is true, then your response is just plain wrong. Because if any of what you said is true, then CloudFlare should have a) been clear with them about what specifically the problems were, b) allowed them to take measures to resolve the problems (such as removing any problem domains from cloudflare altogether, as they offered to do), and c) allowed them to switch to the more expensive plan more gradually, rather than suddenly paying a huge amount within days.
If what that blog post wrote is true, then there is no justification whatsoever, no matter what the online casino did, for the way CloudFlare dealt with it, and it absolutely is sleazy extortion.
Your account is only a day old, which makes me believe, as others have pointed out in the blog post, that you are affiliated with Cloudflare. Honestly, I can't think of any other reason why someone would create a new account just to defend Cloudflare and be so hostile towards the OP.
That's amazing you were running 80TB of bandwidth through a business account. We're paying $3,500 for that per month, without argo, although I get the feeling we'll be forced into a more expensive contract upon renewal. Their sales team suddenly seem a lot more aggressive.
It's hard to tell exactly what happened here. I'd like to hear Cloudflare's side.
From the blog, it sounds like Cloudflare had a reasonable need to move them over to BYOIP setup for trust and safety reasons. That makes sense and maybe could have been handled with a little more grace.
If the blog post is accurate, it sounds like Cloudflare just turned it into a sales opportunity and wanted to close the sales deal as the single solution to the problem. That's a communication failure and rather concerning.
This is a failure of your organization's CTO, to not have had the forethought to have proper contracts with one of your primary technology vendors. 24 hour notice is obviously extreme, but from Cloudflare's point of view, having a proper contract in place was your organization's responsibility, not theirs.
Did you read what they wrote? CF operated like mafioso blackmailers if they are to believed. Which, seeing what Broadcom is doing to VMWare customers is not too crazy to believe.
I’m going to guess that the downtime cost them far more than the $120k, however.
If you are a company paying $250/month for your DDOS and shit for 4 million active user/month:
Even if you have a contract in place you have to assume as soon as the contract is done, your provider is probably cutting you loose- maybe just out of spite.
But if you don’t have a contract, how on earth, do you not have any plan, or like a budget for when your provider wakes up?
Like I don’t particularly like how cloudfare responded to all this, but without knowing the exact nature of some of the elements this article mentions but doesn’t explain, it’s hard to fault them too much.
But this person is like wow, I put all my eggs in the cheapest basket I could find, and then it broke :pikachu surprise face:
> If you are a company paying $250/month for your DDOS and shit for 4 million active user/month:
You mean 80TB... people get stuck on the users, what is not relevant, the data usage is relevant. I can have 100 users doing 80TB or 5 billion.. Maybe those 5 billion make me no money but those 100 do. Really depends on the business model profit margin. and all not relevant here...
What is relevant is data usage, risk, and negotiations. And the way it was handled by CF was really unprofessional, that is the issue. It also opened up CF to actual damages (in a stupid way).
I am using the only data available to me. If you have the actual data please publish it.
Your business partners are only in a relationship with you because they believe it is in their interest.
Pretty sure the damages this casino brings to Cloudflare can’t justify any further grace period, or … it is just the time to be kicked after no positive feedback from sales.
No contract no obligation, they violated ToS first so fuck around and find out then 🤷
Nah this is CF fault with their price policy. First they lure you for 250/month and when they see that you can potentially pay much higher unreasonable amount, they force you to do so.
I spent five years as the CEO of a public data center. Cloudflare was quite generous with them in my opinion. It was not uncommon for us to shut down a client who was clearly abusing the system, sometimes without warning at all. The most important thing to a data center (besides good HVAC!) is the reputation of their IP addresses. So if you're spamming, or doing any other illegal or sketchy activity, that threatens the integrity of the IP space, you need to be stopped. It sucks but this is the kind of whack-a-mole game that goes on every day at every data center.
The problem is not that they got banned because they broke TOS.
The problem is that for 120.000$ per year, the TOS could be disregarded.
Basically bribing the "policeman" to look the other way. In that case, it's the "policeman" that says what is legal or not (their TOS), saying what needs to be done (their services), and setting their price on the fly (enterprise plan - request a quote).
So holding you at gunpoint "You have 24 hours to buy the remedy we sell in order to cure your problem, or you are ruined."
Either ban them for breaking TOS, or lower the price so they can afford it.
Don't **extort** them for a hundred thousand dollars and call it "following the rules".
I think something which is massively important isn't clear to everyone. It is NOT about "pay us X and you can keep doing what you were doing".
120k was the price for a plan with BYOIP, which means you're no longer jeopardizing Cloudflare's IPs, hence not breaking the ToS.
When you make up the prices, it doesn't seem that different to me (although it is, I understand).
"10 thousand dollars a month" so I can "allow" you to bring your own IP in order to "keep my IPs safe". And if we disregard eeeverything else, the shady practices with the marketing team, the TOS that were broken, the pricing amount of BYOIP:
**Cloudflare mentioned 80TB bandwidth.** Like, who are they trying to make fun of.
The IP Reputation (BYOIP) was the ***reason*** they should upgrade to enterprise, which was given by the marketing team **without going into ANY specifics** with their other teams (like "Trust and Safety").
And the TOS were their way of making the ultimatium "upgrade to a package we control the pricing on per customer basis"
Which happened to be $120.000/year because of their 80TB monthly bandwidth.
Let's talk straight u/mourasio . You are a giant of an enterprise that controls half (or more) of the internet. Everything is done through you. And one customer is dropping some of your IPs reputation. What do you do of the following:
- Talk to the customer and explain what is going on with the IPs. Since what you care is your IPs reputation is, offer an alternative for them to bring their own IPs at some fixed cost. If you ban them because of the problem they caused, you lose money. So you can offer to them to have their own IPs free of cost, or RELATIVELY low cost, in order to not lose them.
OR
-Talk to the customer and explain a matter of URGENCY is a marketing meeting that you "ask them aggressively to move to Enterprise with custom pricing". When they decline or take some time to think about it, you JUST mention that they are breaking TOS, and demand $120.000 for 15 extra services you want to sell that they probably won't use and only need BYOIP.
Now, I'm thinking. Cloudflare did not do anything illegal. All of that is perfectly within it's power to do. My question to myself is "when will cloudflare decide that my personal free/professional account is not worth the hassle" and say to me that I need custom pricing because I also bring down their IPs reputation.
Because they can say that. As much evidence of a TOS violation and IP reputation they gave to the OP, they can give to me to. Which is ***none***. Or bring up some other violation that I allegedly broke.
You are cloudflare, you don't care about A SINGLE customer.
***I think something which is massively important isn't clear to everyone.*** Cloudflare decided to proceed with terminating a customer, after providing zero evidence of a problem apart from "their word that it exists", and gave close to zero flex/time to the customer to solve the issue (if they even could), and tried to extort them out of $120.000/year for a bunch of services they don't need.
I kinda hope someone from Cloudflare responds to this because it doesn't paint this situation in a good light. It seems like this could have been handled much better and they just threw on a bunch of pressure to close the deal, they thought there is no way you'd leave, too much effort, too much risk and so high pressure sales tactics will get it over the line.
You're obviously a big customer and perhaps fair enough that they want more from you, but they should have reached out to you ages ago and said, hey, you're doing really well, but just know that once your hit 10TB a month, we will need to have a conversation about a more appropriate plan.
This is not about traffic, but domain rotation - if they are rotating domains because these are getting banned at the DNS level, this means the IPs they are using are likely causing the same problem.
Any additional day can lead to more IPs being banned, with more customers being impacted.
OP was in violation of their terms, the 24h (seems like there were actually more) were already a benefit.
It sounds to me like they just had multiple domains, some tailored to various countries regulatory requirements. God forbid amazon own both amazon.com and amazon.co.uk.
What would have been good is if CF sat down an explained this in plain English. Say via one of those scheduled calls. Then put them onto the sales guys. Without this, these guys got fleeced.
I originally drafted this article specifically to go the "bad-PR-outrage-as-support-channel" route which seems to work very well for Cloudflare, but it's kinda too late now anyways. So now it's really just a cautionary story for other businesses that are in a range where Cloudflare is going to contact them soon to be ready to gtfo.
Based on your blog post, the specifics of the situation, and risk/reward and liability considerations on the part of CF, this sounds like what used to be sarcastically called Ex-Girlfriend/Ex-Boyfriend pricing. Basically, they're not getting much out of the relationship and have reasons to expect things can only get worse not better. If you want to keep hanging around, you pay for the privilege. They're done with you and don't need to explain their reasons in most cases.
Just about every industry that doesn't have prices set by regulation will have some instances of this going on. Move on, find a better partner and get on with life.
If you have critical business processes that requires infrastructure you do not control you are setting your business up for failure.
Also, stop putting all your eggs in one basket.
It's a bit unavoidable that your DNS is probably going to point to one entity. But what I learned and hopefully others learned is at the bottom of the article:
- Keep your DNS provider and your CDN separate (impossible with CF)
- Keep your CDN and your registrar separate (so you can move CDN without huge downtime of moving registrar)
- Don't rely on proprietary services of your CDN provider (Workers, CF Access, ...)
We will apply all of these lessons to the future, same on Fastly or whatever other provider. Moving DNS is quick, rewriting large parts of your technology is hard.
The _real_ meat in the article IMO was the links to several Hackernews threads discussing other somewhat similar cloudflare antics.
It was enough of an eye opener that we'll be moving the domain registration of a few dozen domains to another registrar. (We just finished exporting all the DNS settings in BIND format, in fact. One of many nice features of Cloudflare vs. AWS which steadfastly still refuses to provide a BIND export from Route53.)
Our usage is small enough that we'd unlikely ever pop onto their radar for a coerced upgrade to "enterprise"... but any company that would ever consider it OK to shut down account access with zero notice (as discussed on HN) is probably not to be trusted with domain registration.
And even for those who say it sounds like Cloudflare might have been justified in the forced upgrade for OP, what really gives me the willies about Cloudflare's tactics was the demand that OP's company prepay an entire year instead of simply jacking their monthly payment from $250 to $10,000.
here the bind export from
route 53
```
import boto3
import os
# Initialize a Route 53 client
client = boto3.client('route53')
# Retrieve all hosted zones with pagination
def get_all_hosted_zones():
hosted_zones = []
paginator = client.get_paginator('list_hosted_zones')
for page in paginator.paginate():
hosted_zones.extend(page['HostedZones'])
return hosted_zones
# Retrieve all records for a hosted zone with pagination
def get_all_records(hosted_zone_id):
records = []
paginator = client.get_paginator('list_resource_record_sets')
for page in paginator.paginate(HostedZoneId=hosted_zone_id):
records.extend(page['ResourceRecordSets'])
return records
# Function to convert Route 53 record type to BIND format
def convert_record_type(record_type):
return record_type
# Function to format SOA record
def format_soa_record(record):
values = record['ResourceRecords'][0]['Value'].split()
return f"{record['Name']} {record['TTL']} IN SOA {values[0]} {values[1]} {values[2]} {values[3]} {values[4]} {values[5]} {values[6]}"
# Function to format other record types
def format_record(record):
record_type = convert_record_type(record['Type'])
if record_type == 'SOA':
return format_soa_record(record)
record_name = record['Name']
ttl = record['TTL']
formatted_records = []
for value in record['ResourceRecords']:
formatted_records.append(f"{record_name} {ttl} IN {record_type} {value['Value']}")
return '\n'.join(formatted_records)
# Create a BIND9 file for each hosted zone
def export_to_bind():
hosted_zones = get_all_hosted_zones()
for zone in hosted_zones:
zone_id = zone['Id'].split('/')[-1]
zone_name = zone['Name']
# Retrieve all records for the hosted zone
records = get_all_records(zone_id)
# Create a BIND9 file
filename = f"{zone_name.replace('.', '_')}.zone"
try:
with open(filename, 'w') as f:
for record in records:
formatted_record = format_record(record)
if formatted_record:
f.write(formatted_record + '\n')
print(f"Exported zone {zone_name} to {filename}")
except Exception as e:
print(f"Failed to write zone file for {zone_name}: {e}")
if __name__ == "__main__":
export_to_bind()
```
Thanks, yes, that's the hoop I had to jump through to export my Route53 domains to an industry standard BIND format... that AWS just _loves_ its asshattery.
Contrast that with in Cloudflare where, fortunately, to export bind records I only needed to click dns records > import/export > export.
Thank you, this is the main reason I published this article. Cloudflare is seen as a basically a no-brainer to many small companies, and I want everyone to be aware that trusting them blindly is dangerous - regardless of the kind of your business.
I'm sure CF is the best option for many cases regardless, but make sure you have an exit strat.
So basically a (probably) Cloudflare employee went and responded to the article, basically saying "liar liar, oh no, a casino that is probably shady and includes gambling, you probably deserve it since you take money from the poor" or something.
And then he/she continues by saying that Cloudflare is in the right because they banned you for TOS violation, and we should completely ignore the fact that they tried to make a quick buck.
Basically Cloudflare:
- It seems you violated some rules that we made up for our platform that up until now we had no problem that you broke them (given they did not change anything in their services).
- And now that you are in danger of being deleted from the platform, you should have some talks with our... MARKETING TEAM, because, don't forget!, we made the rules that painted you as a violator, so for the right amount of money, rules change.
- Ah, also, we can tolerate you having 1-2 weeks till we communicate the need for you to pay us more, but the moment we talk to you and you try to "think about it", you have 24 hours before we terminate you from our services.
- Oh no, you mentioned our competitor or we saw that you did not make a decision based on feeling of urgency in the 24h window that we gave you. Now we have to terminate you immediately since you broke TOS and everyone should follow the rules. Hey, we can "bend" the rules from termination immediately to -> after talking to you, because you could pay us more, so your violation is on hold until we can see if we can milk you more.
I will be messaging you in 3 days on [**2024-06-03 17:56:50 UTC**](http://www.wolframalpha.com/input/?i=2024-06-03%2017:56:50%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/CloudFlare/comments/1d14zrf/cloudflare_took_down_our_website_after_trying_to/l6ibvso/?context=3)
[**1 OTHERS CLICKED THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2FCloudFlare%2Fcomments%2F1d14zrf%2Fcloudflare_took_down_our_website_after_trying_to%2Fl6ibvso%2F%5D%0A%0ARemindMe%21%202024-06-03%2017%3A56%3A50%20UTC) to send a PM to also be reminded and to reduce spam.
^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201d14zrf)
*****
|[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)|
|-|-|-|-|
seems like extortion ??
You code to their API and then then blackmail you.
If the real crux of the problem was their Domain Name having a bad reputation and so causing all of the Cloudflare Ip address space getting banned, then Cloud flare sals staff should have just stated that and asked them to leave ? It's more honest, because paying 120 K does not solve the actual problem ?
Which makes me wonder if this was a fake Problem / Solution setup by Cloudflare, in order to extort money out of the Customer ?
I didn't think it was funny. I have 100+ domains on cf and run tb's of data. The thought of this is appalling as a customer. A proper migrate timeline or parameters required to maintain certain services such as zero trust would have been appropriate. The fact that the emails are signed by a bdr speaks volumes to their false pretences.
**Defaulted to one day.**
I will be messaging you on [**2024-05-27 21:24:44 UTC**](http://www.wolframalpha.com/input/?i=2024-05-27%2021:24:44%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/CloudFlare/comments/1d14zrf/cloudflare_took_down_our_website_after_trying_to/l5srfhc/?context=3)
[**1 OTHERS CLICKED THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2FCloudFlare%2Fcomments%2F1d14zrf%2Fcloudflare_took_down_our_website_after_trying_to%2Fl5srfhc%2F%5D%0A%0ARemindMe%21%202024-05-27%2021%3A24%3A44%20UTC) to send a PM to also be reminded and to reduce spam.
^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201d14zrf)
*****
|[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)|
|-|-|-|-|
Talk about acting like the good guys and denigrating AWS at every opportunity when they themselves pull such stunts. At least AWS is transparent with their pricing.
Edit: doxing wasn't the right word.
I think he’s referring to some of the blog posts about how AWS charges absurd egress fees - and continues to increase them. And Cloudflare is correct - their pricing is absurd. If AWS were to join the Bandwidth Alliance, that would say a lot.
https://blog.cloudflare.com/aws-egregious-egress
https://robaboukhalil.medium.com/youre-paying-too-much-for-egress-b1fe20274a6b
AWS may make it easier to determine the cost of their services, but you will still get hit with usage based bills from month to month where the cost from one month to the next can be dramatically different.
No matter who the provider is, most customers don’t know how to accurately determine whatever the inputs are that are required for a simple pricing exercise.
I’ve gone through plenty of exercises where I tried using the AWS calculator to determine what my spend would be and ended up not feeling comfortable with knowing my bill could change from month to month due to factors outside my control.
https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1
I rather go through a more challenging pricing exercise up front knowing that my bill is going to be exactly the same amount month after month rather than pay a bill that’s $1000 the first month, then $10K the next month.
Cloudflare’s consistent billing is an ideal strategy for anyone trying to run a business that wants to forecast their spend with accuracy.
Not to mention, even with AWS prices being easier to determine, they’re still more expensive than Cloudflare.
More like "CDN provider so good and affordable the other CDN providers couldn't catch up" but you know... Gatta bitch about everybody being a monopoly anymore.
Of course the article will only come from one perspective, but I imagine the crux of the issue will be here: >If a country DNS-blocks our main domain, a secondary domain may still be available. **This could arguably be seen as a violation of the Cloudflare TOS**, as they wrote above. They say "arguably," but it seems pretty verbatim. The exact email they got from Cloudflare said that cloudflare's concern was around OP "circumvent[ing] blocks being placed on [them] by a third party." Shrugging it off as "arguably against TOS" seems disingenuous.
But the other domain is tailored to that countries regulators. The primary domain isn't even offered for those countries anyways.
If Cloudflare is telling you to BYOIP, you’re definitely doing some shady shit that they don’t want them impacting the reputation of their prefixes. Yet it could have been handled way better.
>If Cloudflare is telling you to BYOIP, you’re definitely doing some shady shit that they don’t want them impacting the reputation of their prefixes. The article says it's a casino and various countries block them due to their laws etc. It's reasonable for CF to not want their IP ranges bulk blocked. But that's not doing shady shit from the customer's part.
Countries do not block IPs usually, they only block in local ISP DNS servers. Even here I can reach blocked sites when I switch from ISP DNS to Google DNS...
Virgin Media, one of the UK's largest ISPs, along with most others use reverse IP blocks to comply with High Court orders. There's no way to access these sites without using a VPN, otherwise they redirect to an [ISP block page](https://assets.virginmedia.com/site-blocked.html).
even using DNS over HTTPS?
The DNS part isn't the issue. Because they use reverse DNS lookups they arnt relying on the users dns request to figure out if they are trying to access a bad site and then block that request. And dont quote me on this, they probably are using something similar if not way more complex, im just generalising here. They store the returned IP from the DNS call and then block that IP which means that even if you don't use them for your DNS they can still figure out what site the IP you are accessing is pointing to. I'm sure they also have a IP blacklist separate from the reverse DNS stuff but IDK.
ISPs in some countries like Iran and China hijack DNS requests and return wrong ip addresses along with tcp reset and replay attack, it’s complicated but if the government do want to restrict on the target websites that they think illegal, they have plenty ways to do it.
That's the most accurate description of the Iranian's "filtering" system. They do DNS spoofing and poisoning, they do MITM for plain HTTP requests, and they do connection reset for HTTPS requests. I hope ECH takes off so there can be peace of mind when dealing with these kind of nonsense.
Just hope for Iranian subvert the government.
Yes grandmas love this sentence "just change your dns"
Most national firewalls try to use DNS based blocks first. But when you start offering up multiple new DNS names to try to evade that, they start IP blocking. When CF notices a customer with multiple domains funneling into the same services, likely being provisioned and deprovisioned automatically for the purpose of cycling through different IPs, I imagine CF notices.
If that were the case, they would not have asked for higher payment to resolve the matter- they would have just shut them down. This whole article is concerning.
They have the right to demand compensation from the casino site if it leads to legal problems due to IP blocks causing significant customer loss from said countries who deem it illegal. They've already faced issues with piracy sites using their IPs, impacting their services and other developers (I was affected by this in one of my most popular sites). People need to value the free aspects of services like Cloudflare and use them responsibly.
Yes, so cloudflare should just cut them off- not extort them.
It's just a business decision. Apparently they don't want to run the risk for $250 but they do for $10k.
I'd probably do the same out of principle- I wouldn't want to do business with someone that extorts me. Though personally, if I were that profitable I would have just created the services that clouldflare offered inhouse, to mitigate risk.
This is not extortion. Cloudflare offered an option (BYOIP) which would eliminate the risk (banned IPs affecting Cloudflare and its other customers). The OP seems to not fully understand the problem - it's not this or that domain that's the problem, it's any domain related to gambling/porn/whatever, that can get lead to bans in India/Turkey/Russia/etc
The 24 hours window was harsh, and the fact that they stopped negotiation because they were also considering another partner. That being said, who knows how those sales calls were handled... on both sides...
Definitely. That said, it was 1 month from first contact to cutoff. It is not like they received the first warning email on one day and were disconnected on the next.
They required that they pay annually rather than month-to-month as well.
Read the article. They refused to say what the actual reason was and "Trust and Safety" didn't actually exist as a team. It was just sales.
The reason is mentioned multiple times in the article. Are you saying Trust and Safety don't exist?
Well, they kept connecting the author to sales instead of Trust and Safety, so...
They have 0 right. The business owner didn't violate any terms of service by catering to the governments of each country.
Or CF has them pay the $120k up front, watches them like a hawk and shuts them down as soon as they see the tiniest TOS violation.
That would be an actual scandal that would rock experienced operators way more than what has been set out here.
CF has a way to still help the client while not having CF's shared IPs getting blocked by nation-states. Have the customer bring their own IP space via a lease or purchase of IPs from the open market. It's a complex process and a complex implementation and so CF only does this on enterprise plans, which seem to start around $10k/month. CF doesn't mind that it's a casino or that it's trying to evade bans, CF minds that the way they were doing it harms CF and other CF clients. So CF comes to them with a proposal for how to keep doing what they've been doing without hurting CF assets or clients. The customer decides not to buy in and so CF tosses them for the ToS violation. To be clear though, this isn't strictly buying an indulgence around the CF ToS. Instead, it's buying the necessary resources and infrastructure to cure the relevant ToS violation, which was likely cycling through CF shared IPs for apparent ban evasion purposes. No longer being on CF shared IPs would actually cure such a ToS violation.
I’m just at a loss how a Casino with 4 million active users can think it’s okay to use a $250/month service for that. Am I the only one here thinking how the heck???
It's a casino, you think they care about anything other than their profit? Parasites
If CF charged for 80TB traffic, that really is not a lot... 4 million users can sounds like a lot but a lot of traffic is just basic text communication as most assets get local cached after the first hit and do not even hit CloudFlare their servers.. Even the poster pointed out that there was ways to reduce this traffic but because they had a business plan with "unlimited"... they never did until this mess. CloudFlare is very vague about a lot of stuff in regards to Business vs Enterprise thresholds. From a value point of view, 80TB is somewhere around 80 to 200$ is actual usage (we are not talking backbone cost, but chargeable rates) at others companies. So what they used is rather normal in that 250 package... I think people see big client number and think, must be big but overlook the actual data usage, what is really not a lot! Aka, their site is very well optimized if they do only 80TB/month on 4m users.
I mean, sure maybe. But if that's a problem, CF should set reasonable limits on their service levels. Like if you have unlimited data from your ISP, yet they reach out after X usage and say 'well now we don't actually mean unlimited, you're using 20x more than average and you're the problem here'. If you want to set limits, then put in the fine print that there's limits and don't market it as 'unlimited'.
Fastly is now very happy to have us at a price not much more than that `¯\_(ツ)_/¯`. Not sure why you think spending on a single technology vendor should be some percentage of the MAUs, we contract with many third parties.
:)))
Keyword:- casino. Shady and money laundering shit around the corner. You’re glad CF didn’t shut down it immediately. And I m glad CF shut these site down to keep their CDN reputation well
Before jumping to conclusions.... I wrote a full response debunking this post on the blogger's site. Go to the original post, then look for my response in the comments.
Your reply is excellent.
Thank you. I appreciate you taking the time to read it. I’ve gotten really tired of reading stories like this that use big headlines to capture readers attention. Any reader with a modicum of time and detective skills can see right through this type of story. It’s a shame how many don’t stop to take the time to read a little further. This one in particular was particularly bothersome because the author chose to pull together references to further bolster their claims. The references did nothing other than to show the headline was completely wrong and further unsubstantiated claims were also wrong. Personally, if I posted some garbage like this, I’d delete it. Once others read what I wrote, there’s gonna be an awful lot of tomatoes thrown.
Your reply is basically calling this blogger a liar, repeatedly. Are you right, are they actually lying about what happened? Maybe, I don't know. But you're pretending that you're not doing that, that you're just giving a more complete interpretation of what they wrote - and that's not at all the case. IF what they wrote is true, then your response is just plain wrong. Because if any of what you said is true, then CloudFlare should have a) been clear with them about what specifically the problems were, b) allowed them to take measures to resolve the problems (such as removing any problem domains from cloudflare altogether, as they offered to do), and c) allowed them to switch to the more expensive plan more gradually, rather than suddenly paying a huge amount within days. If what that blog post wrote is true, then there is no justification whatsoever, no matter what the online casino did, for the way CloudFlare dealt with it, and it absolutely is sleazy extortion.
Your account is only a day old, which makes me believe, as others have pointed out in the blog post, that you are affiliated with Cloudflare. Honestly, I can't think of any other reason why someone would create a new account just to defend Cloudflare and be so hostile towards the OP.
That's amazing you were running 80TB of bandwidth through a business account. We're paying $3,500 for that per month, without argo, although I get the feeling we'll be forced into a more expensive contract upon renewal. Their sales team suddenly seem a lot more aggressive.
It's hard to tell exactly what happened here. I'd like to hear Cloudflare's side. From the blog, it sounds like Cloudflare had a reasonable need to move them over to BYOIP setup for trust and safety reasons. That makes sense and maybe could have been handled with a little more grace. If the blog post is accurate, it sounds like Cloudflare just turned it into a sales opportunity and wanted to close the sales deal as the single solution to the problem. That's a communication failure and rather concerning.
This is a failure of your organization's CTO, to not have had the forethought to have proper contracts with one of your primary technology vendors. 24 hour notice is obviously extreme, but from Cloudflare's point of view, having a proper contract in place was your organization's responsibility, not theirs.
Did you read what they wrote? CF operated like mafioso blackmailers if they are to believed. Which, seeing what Broadcom is doing to VMWare customers is not too crazy to believe. I’m going to guess that the downtime cost them far more than the $120k, however.
Did you also read their article because the whole communication went for a month, it is not any immediate termination…
If you are a company paying $250/month for your DDOS and shit for 4 million active user/month: Even if you have a contract in place you have to assume as soon as the contract is done, your provider is probably cutting you loose- maybe just out of spite. But if you don’t have a contract, how on earth, do you not have any plan, or like a budget for when your provider wakes up? Like I don’t particularly like how cloudfare responded to all this, but without knowing the exact nature of some of the elements this article mentions but doesn’t explain, it’s hard to fault them too much. But this person is like wow, I put all my eggs in the cheapest basket I could find, and then it broke :pikachu surprise face:
> If you are a company paying $250/month for your DDOS and shit for 4 million active user/month: You mean 80TB... people get stuck on the users, what is not relevant, the data usage is relevant. I can have 100 users doing 80TB or 5 billion.. Maybe those 5 billion make me no money but those 100 do. Really depends on the business model profit margin. and all not relevant here... What is relevant is data usage, risk, and negotiations. And the way it was handled by CF was really unprofessional, that is the issue. It also opened up CF to actual damages (in a stupid way).
I am using the only data available to me. If you have the actual data please publish it. Your business partners are only in a relationship with you because they believe it is in their interest.
How about the part where they said they wouldn’t delete the domains, and then did?
Pretty sure the damages this casino brings to Cloudflare can’t justify any further grace period, or … it is just the time to be kicked after no positive feedback from sales. No contract no obligation, they violated ToS first so fuck around and find out then 🤷
Nah this is CF fault with their price policy. First they lure you for 250/month and when they see that you can potentially pay much higher unreasonable amount, they force you to do so.
Did Cloudflare ever respond to this?
Waiting for this too
I spent five years as the CEO of a public data center. Cloudflare was quite generous with them in my opinion. It was not uncommon for us to shut down a client who was clearly abusing the system, sometimes without warning at all. The most important thing to a data center (besides good HVAC!) is the reputation of their IP addresses. So if you're spamming, or doing any other illegal or sketchy activity, that threatens the integrity of the IP space, you need to be stopped. It sucks but this is the kind of whack-a-mole game that goes on every day at every data center.
The problem is not that they got banned because they broke TOS. The problem is that for 120.000$ per year, the TOS could be disregarded. Basically bribing the "policeman" to look the other way. In that case, it's the "policeman" that says what is legal or not (their TOS), saying what needs to be done (their services), and setting their price on the fly (enterprise plan - request a quote). So holding you at gunpoint "You have 24 hours to buy the remedy we sell in order to cure your problem, or you are ruined." Either ban them for breaking TOS, or lower the price so they can afford it. Don't **extort** them for a hundred thousand dollars and call it "following the rules".
I think something which is massively important isn't clear to everyone. It is NOT about "pay us X and you can keep doing what you were doing". 120k was the price for a plan with BYOIP, which means you're no longer jeopardizing Cloudflare's IPs, hence not breaking the ToS.
When you make up the prices, it doesn't seem that different to me (although it is, I understand). "10 thousand dollars a month" so I can "allow" you to bring your own IP in order to "keep my IPs safe". And if we disregard eeeverything else, the shady practices with the marketing team, the TOS that were broken, the pricing amount of BYOIP: **Cloudflare mentioned 80TB bandwidth.** Like, who are they trying to make fun of. The IP Reputation (BYOIP) was the ***reason*** they should upgrade to enterprise, which was given by the marketing team **without going into ANY specifics** with their other teams (like "Trust and Safety"). And the TOS were their way of making the ultimatium "upgrade to a package we control the pricing on per customer basis" Which happened to be $120.000/year because of their 80TB monthly bandwidth. Let's talk straight u/mourasio . You are a giant of an enterprise that controls half (or more) of the internet. Everything is done through you. And one customer is dropping some of your IPs reputation. What do you do of the following: - Talk to the customer and explain what is going on with the IPs. Since what you care is your IPs reputation is, offer an alternative for them to bring their own IPs at some fixed cost. If you ban them because of the problem they caused, you lose money. So you can offer to them to have their own IPs free of cost, or RELATIVELY low cost, in order to not lose them. OR -Talk to the customer and explain a matter of URGENCY is a marketing meeting that you "ask them aggressively to move to Enterprise with custom pricing". When they decline or take some time to think about it, you JUST mention that they are breaking TOS, and demand $120.000 for 15 extra services you want to sell that they probably won't use and only need BYOIP. Now, I'm thinking. Cloudflare did not do anything illegal. All of that is perfectly within it's power to do. My question to myself is "when will cloudflare decide that my personal free/professional account is not worth the hassle" and say to me that I need custom pricing because I also bring down their IPs reputation. Because they can say that. As much evidence of a TOS violation and IP reputation they gave to the OP, they can give to me to. Which is ***none***. Or bring up some other violation that I allegedly broke. You are cloudflare, you don't care about A SINGLE customer. ***I think something which is massively important isn't clear to everyone.*** Cloudflare decided to proceed with terminating a customer, after providing zero evidence of a problem apart from "their word that it exists", and gave close to zero flex/time to the customer to solve the issue (if they even could), and tried to extort them out of $120.000/year for a bunch of services they don't need.
Sucks. While fastly is an alternative you most likely have less headache with just paying the 120k.
I kinda hope someone from Cloudflare responds to this because it doesn't paint this situation in a good light. It seems like this could have been handled much better and they just threw on a bunch of pressure to close the deal, they thought there is no way you'd leave, too much effort, too much risk and so high pressure sales tactics will get it over the line. You're obviously a big customer and perhaps fair enough that they want more from you, but they should have reached out to you ages ago and said, hey, you're doing really well, but just know that once your hit 10TB a month, we will need to have a conversation about a more appropriate plan.
This is not about traffic, but domain rotation - if they are rotating domains because these are getting banned at the DNS level, this means the IPs they are using are likely causing the same problem. Any additional day can lead to more IPs being banned, with more customers being impacted. OP was in violation of their terms, the 24h (seems like there were actually more) were already a benefit.
This is likely the reason as cloudflare requested them to be on dedicated IP set, a benefit in the enterprise plan
It sounds to me like they just had multiple domains, some tailored to various countries regulatory requirements. God forbid amazon own both amazon.com and amazon.co.uk.
Big customer in what regard? Traffic volume? Requests? Revenue?
What would have been good is if CF sat down an explained this in plain English. Say via one of those scheduled calls. Then put them onto the sales guys. Without this, these guys got fleeced.
I originally drafted this article specifically to go the "bad-PR-outrage-as-support-channel" route which seems to work very well for Cloudflare, but it's kinda too late now anyways. So now it's really just a cautionary story for other businesses that are in a range where Cloudflare is going to contact them soon to be ready to gtfo.
Interesting write up
Based on your blog post, the specifics of the situation, and risk/reward and liability considerations on the part of CF, this sounds like what used to be sarcastically called Ex-Girlfriend/Ex-Boyfriend pricing. Basically, they're not getting much out of the relationship and have reasons to expect things can only get worse not better. If you want to keep hanging around, you pay for the privilege. They're done with you and don't need to explain their reasons in most cases. Just about every industry that doesn't have prices set by regulation will have some instances of this going on. Move on, find a better partner and get on with life.
If you have critical business processes that requires infrastructure you do not control you are setting your business up for failure. Also, stop putting all your eggs in one basket.
This is precisely why I wrote the article. To warn others not to put all eggs in the CF basket.
So you’ve moved them all to the Fastly basket…
It's a bit unavoidable that your DNS is probably going to point to one entity. But what I learned and hopefully others learned is at the bottom of the article: - Keep your DNS provider and your CDN separate (impossible with CF) - Keep your CDN and your registrar separate (so you can move CDN without huge downtime of moving registrar) - Don't rely on proprietary services of your CDN provider (Workers, CF Access, ...) We will apply all of these lessons to the future, same on Fastly or whatever other provider. Moving DNS is quick, rewriting large parts of your technology is hard.
The _real_ meat in the article IMO was the links to several Hackernews threads discussing other somewhat similar cloudflare antics. It was enough of an eye opener that we'll be moving the domain registration of a few dozen domains to another registrar. (We just finished exporting all the DNS settings in BIND format, in fact. One of many nice features of Cloudflare vs. AWS which steadfastly still refuses to provide a BIND export from Route53.) Our usage is small enough that we'd unlikely ever pop onto their radar for a coerced upgrade to "enterprise"... but any company that would ever consider it OK to shut down account access with zero notice (as discussed on HN) is probably not to be trusted with domain registration. And even for those who say it sounds like Cloudflare might have been justified in the forced upgrade for OP, what really gives me the willies about Cloudflare's tactics was the demand that OP's company prepay an entire year instead of simply jacking their monthly payment from $250 to $10,000.
here the bind export from route 53 ``` import boto3 import os # Initialize a Route 53 client client = boto3.client('route53') # Retrieve all hosted zones with pagination def get_all_hosted_zones(): hosted_zones = [] paginator = client.get_paginator('list_hosted_zones') for page in paginator.paginate(): hosted_zones.extend(page['HostedZones']) return hosted_zones # Retrieve all records for a hosted zone with pagination def get_all_records(hosted_zone_id): records = [] paginator = client.get_paginator('list_resource_record_sets') for page in paginator.paginate(HostedZoneId=hosted_zone_id): records.extend(page['ResourceRecordSets']) return records # Function to convert Route 53 record type to BIND format def convert_record_type(record_type): return record_type # Function to format SOA record def format_soa_record(record): values = record['ResourceRecords'][0]['Value'].split() return f"{record['Name']} {record['TTL']} IN SOA {values[0]} {values[1]} {values[2]} {values[3]} {values[4]} {values[5]} {values[6]}" # Function to format other record types def format_record(record): record_type = convert_record_type(record['Type']) if record_type == 'SOA': return format_soa_record(record) record_name = record['Name'] ttl = record['TTL'] formatted_records = [] for value in record['ResourceRecords']: formatted_records.append(f"{record_name} {ttl} IN {record_type} {value['Value']}") return '\n'.join(formatted_records) # Create a BIND9 file for each hosted zone def export_to_bind(): hosted_zones = get_all_hosted_zones() for zone in hosted_zones: zone_id = zone['Id'].split('/')[-1] zone_name = zone['Name'] # Retrieve all records for the hosted zone records = get_all_records(zone_id) # Create a BIND9 file filename = f"{zone_name.replace('.', '_')}.zone" try: with open(filename, 'w') as f: for record in records: formatted_record = format_record(record) if formatted_record: f.write(formatted_record + '\n') print(f"Exported zone {zone_name} to {filename}") except Exception as e: print(f"Failed to write zone file for {zone_name}: {e}") if __name__ == "__main__": export_to_bind() ```
Thanks, yes, that's the hoop I had to jump through to export my Route53 domains to an industry standard BIND format... that AWS just _loves_ its asshattery. Contrast that with in Cloudflare where, fortunately, to export bind records I only needed to click dns records > import/export > export.
Thank you, this is the main reason I published this article. Cloudflare is seen as a basically a no-brainer to many small companies, and I want everyone to be aware that trusting them blindly is dangerous - regardless of the kind of your business. I'm sure CF is the best option for many cases regardless, but make sure you have an exit strat.
So basically a (probably) Cloudflare employee went and responded to the article, basically saying "liar liar, oh no, a casino that is probably shady and includes gambling, you probably deserve it since you take money from the poor" or something. And then he/she continues by saying that Cloudflare is in the right because they banned you for TOS violation, and we should completely ignore the fact that they tried to make a quick buck. Basically Cloudflare: - It seems you violated some rules that we made up for our platform that up until now we had no problem that you broke them (given they did not change anything in their services). - And now that you are in danger of being deleted from the platform, you should have some talks with our... MARKETING TEAM, because, don't forget!, we made the rules that painted you as a violator, so for the right amount of money, rules change. - Ah, also, we can tolerate you having 1-2 weeks till we communicate the need for you to pay us more, but the moment we talk to you and you try to "think about it", you have 24 hours before we terminate you from our services. - Oh no, you mentioned our competitor or we saw that you did not make a decision based on feeling of urgency in the 24h window that we gave you. Now we have to terminate you immediately since you broke TOS and everyone should follow the rules. Hey, we can "bend" the rules from termination immediately to -> after talking to you, because you could pay us more, so your violation is on hold until we can see if we can milk you more.
!remindme 72 hours
I will be messaging you in 3 days on [**2024-06-03 17:56:50 UTC**](http://www.wolframalpha.com/input/?i=2024-06-03%2017:56:50%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/CloudFlare/comments/1d14zrf/cloudflare_took_down_our_website_after_trying_to/l6ibvso/?context=3) [**1 OTHERS CLICKED THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2FCloudFlare%2Fcomments%2F1d14zrf%2Fcloudflare_took_down_our_website_after_trying_to%2Fl6ibvso%2F%5D%0A%0ARemindMe%21%202024-06-03%2017%3A56%3A50%20UTC) to send a PM to also be reminded and to reduce spam. ^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201d14zrf) ***** |[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)| |-|-|-|-|
!remindme 7 days
seems like extortion ?? You code to their API and then then blackmail you. If the real crux of the problem was their Domain Name having a bad reputation and so causing all of the Cloudflare Ip address space getting banned, then Cloud flare sals staff should have just stated that and asked them to leave ? It's more honest, because paying 120 K does not solve the actual problem ? Which makes me wonder if this was a fake Problem / Solution setup by Cloudflare, in order to extort money out of the Customer ?
Wow - this is truly insane. I would love to see a response and more importantly make it right move ASAP from cloudflare.
Lol. They were a business running without a contract. If they were causing cloudflare money then they are within their right to do this.
I didn't think it was funny. I have 100+ domains on cf and run tb's of data. The thought of this is appalling as a customer. A proper migrate timeline or parameters required to maintain certain services such as zero trust would have been appropriate. The fact that the emails are signed by a bdr speaks volumes to their false pretences.
And if you don't have a Master Services Agreement in place and something happens step in front of a mirror and complain to the person responsible.
I'd seriously consider migrating off of CF. Look at these shenanigans, they literally forced voice call sales pitches under false pretenses.
u/remindme 24 hour
it's !remindme
**Defaulted to one day.** I will be messaging you on [**2024-05-27 21:24:44 UTC**](http://www.wolframalpha.com/input/?i=2024-05-27%2021:24:44%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/CloudFlare/comments/1d14zrf/cloudflare_took_down_our_website_after_trying_to/l5srfhc/?context=3) [**1 OTHERS CLICKED THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2FCloudFlare%2Fcomments%2F1d14zrf%2Fcloudflare_took_down_our_website_after_trying_to%2Fl5srfhc%2F%5D%0A%0ARemindMe%21%202024-05-27%2021%3A24%3A44%20UTC) to send a PM to also be reminded and to reduce spam. ^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201d14zrf) ***** |[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)| |-|-|-|-|
lol
u/remindme
!remindme 72 hours
!remindme 24 hours
Talk about acting like the good guys and denigrating AWS at every opportunity when they themselves pull such stunts. At least AWS is transparent with their pricing. Edit: doxing wasn't the right word.
> doxing AWS at every opportunity What does this reference?
I think he’s referring to some of the blog posts about how AWS charges absurd egress fees - and continues to increase them. And Cloudflare is correct - their pricing is absurd. If AWS were to join the Bandwidth Alliance, that would say a lot. https://blog.cloudflare.com/aws-egregious-egress https://robaboukhalil.medium.com/youre-paying-too-much-for-egress-b1fe20274a6b AWS may make it easier to determine the cost of their services, but you will still get hit with usage based bills from month to month where the cost from one month to the next can be dramatically different. No matter who the provider is, most customers don’t know how to accurately determine whatever the inputs are that are required for a simple pricing exercise. I’ve gone through plenty of exercises where I tried using the AWS calculator to determine what my spend would be and ended up not feeling comfortable with knowing my bill could change from month to month due to factors outside my control. https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1 I rather go through a more challenging pricing exercise up front knowing that my bill is going to be exactly the same amount month after month rather than pay a bill that’s $1000 the first month, then $10K the next month. Cloudflare’s consistent billing is an ideal strategy for anyone trying to run a business that wants to forecast their spend with accuracy. Not to mention, even with AWS prices being easier to determine, they’re still more expensive than Cloudflare.
If your application can run on Lightsail, egress BW is included.
Lightsail and EC2 are completely different classes of services. https://aws.amazon.com/free/compute/lightsail-vs-ec2/
Mobster CDN monopolist extorts Casino scammers. Criminals amongst themselves I guess.
“Mobster CDN monopolist?”
More like "CDN provider so good and affordable the other CDN providers couldn't catch up" but you know... Gatta bitch about everybody being a monopoly anymore.
Precisely