CloudFlare-AlwaysOnline

Forum Moderators: open

Message Too Old, No Replies

CloudFlare-AlwaysOnline

gesh

4:17 am on Nov 11, 2016 (gmt 0)

UA: Mozilla/5.0 (compatible; CloudFlare-AlwaysOnline/1.0; +http://www.cloudflare.com/always-online) AppleWebKit/534.34
Protocol: HTTP/1.1
Robots.txt: No
NetRange: 162.158.0.0 - 162.159.255.255
CIDR: 162.158.0.0/15

Always Online is a feature that caches a static version of your
pages in case your server goes offline.

If your origin server is ever unavailable, Cloudflare will serve a
limited copy of your cached website to keep it online for your
visitors.

To rephrase it, if a Cloudflare customer hotlinks to any of your
images, then this bot will download them and store them in the cloud.
At least, this is what it does for my sites (I don't use Cloudflare).
By the way, the bot does set referrer information, so it's easy to see what sites link to
your images. In my case, most referrers are garbage websites with
spammy looking URLs, computer generated on-page text, and images
stolen from other sites.

keyplyr

5:01 am on Nov 11, 2016 (gmt 0)

Good catch gesh

Have you seen any other agent that includes "CloudFlare" in the UA string?

most referrers are garbage websites with
spammy looking URLs, computer generated on-page text, and images
stolen from other sites.

mp3daily.xyz was doing just that (hotlinks), causing approx. 6k 403s per day for 2 weeks at my site, then abruptly stopped.

More cloudflare.com here: [webmasterworld.com...]

blend27

1:21 pm on Nov 11, 2016 (gmt 0)

All these big companies keep chipping away content on the backs of original creators based on OPT-OUT method for what it seems.

Excellent biz model.

Just one more string to add to BAN UA regexp.

gesh

5:06 pm on Nov 11, 2016 (gmt 0)

Have you seen any other agent that includes "CloudFlare" in the UA string?

No, that's the only one I've seen.

Some requests are now coming from 103.21.246.0/24 (103.21.246.0 - 103.21.246.255) range.

keyplyr

9:01 pm on Nov 11, 2016 (gmt 0)

Some requests are now coming from 103.21.246.0/24 (103.21.246.0 - 103.21.246.255) range.

That cloudflare.com range is a bit wider:
103.21.244.0 - 103.21.247.255
103.21.246.0/22
(added to Server Farm list)

blend27

4:40 pm on Nov 12, 2016 (gmt 0)

Me and my Don't be Evil thoughts:

1. Identify the hot-linker by referrer.
2. Make a fake-evil-2 image to be cached by cloudflare.
3. Move on, Next.

keyplyr

8:44 pm on Nov 12, 2016 (gmt 0)

@blend27 - thanks.

I also use file-switching for hot-linked images, but some web sites may invite image hot-linking, and others may intend their articles cached or republished.

So the purpose of this forum is to document not to advise (unless asked) since each web site has different interests.