Serious Discussion Cloudflare Gateway Free Plan

[SeriousHoax]

Looks like same happened over night, log entirely cleaned.

View attachment 294723

I'll switch back to your script from a few days ago. Just to see if it will work normally (because it was). If it doesn't work again, then I'll have to contact Cloudflare support.

It's not a script related issue because in that case I would face it also. My DNS query analytics is normal.
Let's see what happens today.

 

[LinuxFan58]

@Marko :) @SeriousHoax

Trying to assess the difference (because 9 out of 10 this are problem candidates)

Are you both on the same plan? Marko you may have accidentally changed something which you are overlooking. Have you tried deleting and forking again?

 

[Marko :)]

It's not a script related issue because in that case I would face it also. My DNS query analytics is normal.
Let's see what happens today.

I guess it's new Cloudflare dashboard acting up. After work, when I went to my laptop, I was logged out from Cloudflare dashboard.

Now I enabled complete logging, and it still doesn't log allowed requests. It's something definitely on their side.

 

[Marko :)]

@Marko :) @SeriousHoax

Trying to assess the difference (because 9 out of 10 this are problem candidates)

Are you both on the same plan? Marko you may have accidentally changed something which you are overlooking. Have you tried deleting and forking again?

Yes. I don't think it has something to do with script anymore. If it's working correctly for @SeriousHoax and @rashmi, then it's definitely not the script.

I think it's Cloudflare acting up because they changed my dashboard UI and it's barely functional. Logging is really unreliable.

I only changed script two days ago, and the issue started appearing yesterday evening. And I had logs cleared again few hours ago.

 

[rashmi]

Yes. I don't think it has something to do with script anymore. If it's working correctly for @SeriousHoax and @rashmi, then it's definitely not the script.

I think it's Cloudflare acting up because they changed my dashboard UI and it's barely functional. Logging is really unreliable.

I only changed script two days ago, and the issue started appearing yesterday evening. And I had logs cleared again few hours ago.

@SeriousHoax's script has been running absolutely wonderfully here, and Cloudflare is also working well.

I'm unsure, but it could be an account-related issue: you removed the payment information, which may have caused the Cloudflare check to detect inconsistencies; the updated free plan lacks payment information, which could lead to a downgrade, temporary feature limitations, or account restrictions.

 

[Marko :)]

@SeriousHoax's script has been running absolutely wonderfully here, and Cloudflare is also working well.

I'm unsure, but it could be an account-related issue: you removed the payment information, which may have caused the Cloudflare check to detect inconsistencies; the updated free plan lacks payment information, which could lead to a downgrade, temporary feature limitations, or account restrictions.

I doubt it has something to do with that. Free plan is still active, and billing date is yet to come in two weeks. I'll update you if I get downgraded.

Beside, I'm not using anything that legacy plan doesn't already have. I will contact Cloudflare support one I get some time.

 

[rashmi]

I doubt it has something to do with that. Free plan is still active, and billing date is yet to come in two weeks. I'll update you if I get downgraded.

Beside, I'm not using anything that legacy plan doesn't already have. I will contact Cloudflare support one I get some time.

The Cloudflare account may appear normal, but there could be server-side automatic service abuse restrictions or temporary bans. I suspect it's an account-related issue; the logs are also disappearing ("Logs" is a limited feature in the legacy plan), but as I mentioned, I'm unsure. I've been using the Cloudflare Zero Trust legacy free plan for nearly two years with no issues.

 

[Parkinsond]

Several domains related to Cloudflare such as X and Neowin were down; might be the cause?

 

[rashmi]

I suspect it's an account-related issue; the logs are also disappearing ("Logs" is a limited feature in the legacy plan),

@Marko :), I was mistaken; I thought the new plan offered 7-day logs, but it's 24-hour, according to the pricing chart. The pricing chart is unclear since it says 3 locations for the free plan, but you could create more.

 

[Marko :)]

@Marko :), I was mistaken; I thought the new plan offered 7-day logs, but it's 24-hour, according to the pricing chart. The pricing chart is unclear since it says 3 locations for the free plan, but you could create more.

3 locations is for free legacy plan, 50 for new free plan. This is why I could create more than 3 locations.

Anyway, I filed a support ticket, will see what they reply. Meanwhile, DNS log keeps records from this afternoon, but Overview doesn't show total request count and keeps getting reset.

 

[rashmi]

@Marko :), Yes, the plan comparison chart on the website shows only three locations for the free plan, but it appears Cloudflare allows more.

 

[simmerskool]

I guess it's new Cloudflare dashboard acting up. After work, when I went to my laptop, I was logged out from Cloudflare dashboard.

Now I enabled complete logging, and it still doesn't log allowed requests. It's something definitely on their side.

FIWI & totally unrelated... yesterday, chatgpt would not log me in, would not even send an initial free chat, nothing had changed on my side, later from a different computer chatgpt said it might be session cookie got "sideways" and to delete all related to chatgpt and openai. only similarity: both are odd "coincidences" (like I said fwiw)

 

[Marko :)]

FIWI & totally unrelated... yesterday, chatgpt would not log me in, would not even send an initial free chat, nothing had changed on my side, later from a different computer chatgpt said it might be session cookie got "sideways" and to delete all related to chatgpt and openai. only similarity: both are odd "coincidences" (like I said fwiw)

Are you using Firefox? ChatGPT stopped working in Firefox yesterday and they issued dot update 147.0.1.

 

[Marko :)]

@SeriousHoax @rashmi What version of the Cloudflare Zero Trust dashboard you have?

The reason I'm asking @ohranovic told me he's experiencing the same behavior in his dashboard (he added and kept the card there) and has a new one like me. He's using mrrfv's script so it has nothing to do with the script as you, @SeriousHoax, said.

The new dashboard has menu designed like this:

"Last 24 hours" part on the overview part keeps records only for the last two hours, not 24 hours. I suspect they are doing some changes, because when I open the log, I can see data for entire 24 hours. Moreover, sometimes, when I click on blocked entry (such as variations.brave.com which is blocked ih Pro++ blocklist), I get:

The request to 'variations.brave.com' was blocked due to its categorization as a Technology site, which may be restricted by the firewall policy with UUID 'cc06d3f56eaa4e48affe58ec8d323b9f'.

When I click on that policy ID, it takes me to Create an HTTP policy part. It's definitely on their end and not on mine. Could be that the changes are coming for us that are on Zero Trust Free plan.

Update: I was looking at cloudflarestatus.com to see if Cloudflare had some issues back then and it did indeed.

 

[rashmi]

@Marko :), The Cloudflare dashboard here is identical to yours. It seems that this is how Cloudflare logs work: selecting "Last 24 hours" directs you to the log section, which displays logs for only the last hour and requires manual action to access the 24-hour logs. It takes me to the linked policy for the blocked item when I click "Policy ID."

 

[Andy Ful]

Cloudflare WARP vs. Malware.

Cloudflare WARP application can be configured to login to Zero Trust and has some potential advantages. For example, it can serve as the system-wide anti-payload firewall.

Nowadays, the initial malware is often a loader that needs to download payloads, and those payloads are often located on some NRDs (Newly Registered Domains). Payloads are mainly loaded outside the web browser, so they cannot be blocked by the DNS resolver configured in the web browser.

Other free DNS resolvers can also be configured as system-wide, but without blocking NRDs. When running the malware loader (originated from an email attachment or from a USB drive, etc.), such DNS resolvers are ineffective for blocking the malware hosting domains. Blocking the NRD system-wide can significantly increase the protection.

However, this can increase the number of false positives. The loaders are also used to install benign applications. The installation can be blocked when the offline installer is on NRD or the domain is blocked, as in the example below:

 

[SeriousHoax]

@SeriousHoax @rashmi What version of the Cloudflare Zero Trust dashboard you have?

The reason I'm asking @ohranovic told me he's experiencing the same behavior in his dashboard (he added and kept the card there) and has a new one like me. He's using mrrfv's script so it has nothing to do with the script as you, @SeriousHoax, said.

The new dashboard has menu designed like this:

View attachment 294773

"Last 24 hours" part on the overview part keeps records only for the last two hours, not 24 hours. I suspect they are doing some changes, because when I open the log, I can see data for entire 24 hours. Moreover, sometimes, when I click on blocked entry (such as variations.brave.com which is blocked ih Pro++ blocklist), I get:

When I click on that policy ID, it takes me to Create an HTTP policy part. It's definitely on their end and not on mine. Could be that the changes are coming for us that are on Zero Trust Free plan.

Update: I was looking at cloudflarestatus.com to see if Cloudflare had some issues back then and it did indeed.

Same dashboard for me also. It changed this a week or two ago. Everything is still normal on my end. I don't really know what to say.

Other free DNS resolvers can also be configured as system-wide, but without blocking NRDs.

NextDNS and AdGuard (with account) also have NRD blocking.

 

[Marko :)]

I bet they are changing something. Or could be because we have WARP enrolled into Zero Trust and you don't.

 

[SeriousHoax]

I bet they are changing something. Or could be because we have WARP enrolled into Zero Trust and you don't.

I also have it but I haven't used WARP since the day I rolled Zero Trust into it for testing.
But it's possible that they are changing something which is affecting some users. Either more will be affected or they will fix it.

 

[Marko :)]

I also have it but I haven't used WARP since the day I rolled Zero Trust into it for testing.
But it's possible that they are changing something which is affecting some users. Either more will be affected or they will fix it.

I think what happened is Cloudflare had issues on their end, that's why filtering briefly stopped and issues with dashboard made logs disappear. They are 100% doing changes to Free plan and dashboard which is that weird behavior I'm seeing.

"Last 24 hours" graph is being reset every two hours, but logs are kept for full 24 hours. Both "Last hour" and "Last 24 hour", "View all" link leads to same page DNS logs for last hour, not 24 hours.

Btw no one responded to support ticket; probably because it's weekend and free plan doesn't have priority. I'll see if they'll reply in the next 5 days; if don't I'll be writing on their forum. Because I'm genuinely interested what exactly happened.