Cloudflare Cloudbleed?

(Richard Dingwall) #1

Does Discourse use Cloudflare? If yes, what steps should forum operators/users be taking to mitigate the recent Cloudbleed issue?

(ljpp) #2

Discourse supports CloudFlare and many admins use it, but to my knowledge it is not used here.

(Jeff Atwood) #3

We don’t use it, there is zero benefit to Discourse other than DDoS protection. In fact, using it creates problems and breaks long polling.

Using CloudFlare as plain vanilla DNS works fine, but wouldn’t be subject to this problem anyway.

(ljpp) #4

I beleive this has been discussed before:

  • Does not break long polling. Works perfectly with Discourse.
  • Saves a ton of bandwidth, as it acts as a CDN for static content.
  • Improves loading times if Cloudflare node is closer to the end user than your server.

But a super nasty leak.

(Jeff Atwood) #5

Incorrect, CloudFlare does break long polling. Read for yourself.

(ljpp) #6

Not when only static content is cached/accelerated. Verified this in January. But that is off topic.

CloudFlare is contacting customers directly regarding this matter. Just got a mail that my domain’s content has not been found in web caches, based on their analysis. But of course this does not eliminate the chance that some bytes are stores somewhere.

So, CloudFlare users - check your inbox.