[serentty]

If you come back tomorrow, I can probably turn CloudFlare off. Although I understand not being enthusiastic enough about my novelty website to bother.

[nonrandomstring]

Please for the love of kittens turn off Cloudflare and never put it on again. For me and other Tor users that awful service is a guaranteed way of ensuring we'll never see your site (which I am very interested in BTW).

[serentty]

Yeah, sorry about that. I am planning on finding a way to keep things interesting and authentic with the hosting, but also accessible to everyone.

In the meantime, if you want to visit the page directly without CloudFlare, go to http://trombone.zapto.org instead.

[nonrandomstring]

I use a text based browser from my editor and that loads as close to instantly as you'd ever hope for! A VIC-20 version sounds even more awesome.

[hsbauauvhabzb]

If you care about privacy, using a text based browser from an editor is a terrible idea for many reasons, lol.

[nonrandomstring]

Sounds interesting. Do share. What's your threat model?

[hsbauauvhabzb]

Assuming emacs, attacking major mode detection, or triggering lisp execution.

Edit: but also identifying heuristics like lack of JS execution, or potentially client specific http client behaviour

[hsbauauvhabzb]

Turning cloudflare off has DoS implications for a sanely hosted side, let alone a 386. You turning off tor when required would be a better option.

I hope you don’t regularly make such selfish requests to potential DoS victims due to your own arrogance / ignorance.

[serentty]

I’m dumb enough to do it anyway. ;)

[nonrandomstring]

Extra points for being able to insult both the OP and myself in one sentence. If you've nothing constructive to add how about you leave us insane, ignorant and arrogant grown-ups in peace to work out our own stuff?

[hsbauauvhabzb]

I don’t think I insulted op? You’re not a grown up, you’re a self entitled privacy weeb.

[rkagerer]

Are there any tricks a user can do to bypass Cloudflare or force a cache invalidation?

[arjvik]

That would entirely defeat the purpose of cloudflare's DDoS protections.

[serentty]

Yeah, I imagine it would. I can invalidate the cache myself, but it would not make sense for a user to do so.

[zhfliz]

generally, adding random query params like ?1, ?2, ?12345 helps with the default settings of including that in the cache key.

that will also work in this instance.

you won't however see it slowly send the response as you do on http://trombone.zapto.org/, as cloudflare seems to block until it received the full response from the backend.

[freedomben]

You're not wrong, but all of that behavior is configurable so may work on some sites and not others. The account owner can tell cloudflare whether to consider query params different or the same for cache hit puproses. You can also configure whether cloudflare streams/buffers (although some of it does require the enterprise plan).

No affiliation with cloudflare other than I use them for several sites.

[zhfliz]

indeed, hence

> helps with the default settings of including that in the cache key

I didn't know about response streaming being configurable, it seems to be enabled by default and configurable for enterprise customers: https://support.cloudflare.com/hc/en-us/articles/206049798-S...

I assume due to the (relatively) small response size of this page it buffers regardless.

[serentty]

If you want to visit the page directly without CloudFlare, go to http://trombone.zapto.org instead.

[rkagerer]

Nice! Thanks for serving me. It was snappier than expected.

[jesprenj]

Somehow getting the IP address of the server (in this case 174...*) would enable you to connect directly. Websites, such as crimeflare.org crawled the net to gather those addresses, probably by scanning, but the mentioned site was shut down as it seems.

[hunter2_]

A site that really wants Cloudflare's protection would ignore all traffic that doesn't come from Cloudflare though. In practice, many origins probably aren't locked down in this fashion.