DDoS Protection by Cloudflare

Whoever the fuck implemented "DDoS Protection by Cloudflare" is a SPAZZY-ARSED TWAT.

Why? That's easy. Because it DOESN'T FUCKING WORK. What it does do is block access to the fucking website it's on entirely, which is fucking shite.

At the time of writing, an important story being reported in technical news is that of the FBI trying to get a court order forcing Apple to crack some cunt's iphone. (As a side note, I hope they win. Anything that fucks Apple up and puts people off wasting money on their shitey corporate-fascist devices is a good thing in my book.) This has led me to attempt to follow links to the blog of some bod unpronounceably named "zdziarski" who is into this sort of thing.

Note that I say "attempt to follow". Because this blog is behind this stupid bloody "DDoS Protection by Cloudflare" shite, and therefore the links don't fucking work. All that happens is I get a page with the following shitty message on it:

Checking your browser before accessing zdziarski.com.

This process is automatic. Your browser will redirect to your requested content shortly.

Please allow up to 5 seconds...
DDoS protection by CloudFlare
Ray ID: 28bdd3ec67e2347c

...And that is it. The browser does NOT "redirect to my requested content". All it does is RELOAD THE SAME FUCKING PAGE OVER AND OVER AGAIN, at five-second intervals, with a different value for "Ray ID" (whoever the fuck Ray is).

Here is a sample capture of a few iterations of this mindless bollocks: cloudflare-ddos-doesnt-work.pcap.gz

In order to read the content of the actual blog page I have to paste the URL into Google, and then read Google's cached version of the page instead of the actual thing itself. (Oh yes, fucking Googlebot can read it all right, but not a real fucking browser.) And I still can't see the images which are used to illustrate the blog entry, because they aren't displayed on the cached version of the page and the same fucking stupid thing happens if I try to load them. Which is shit.

On Cloudflare's page about this crap we find the following admission of shitness: "Javascript and cookies are required for the tests, and to record the fact that the tests were correctly passed."


Listen you aneuronic voidskulls. HTTP is a STATELESS protocol. Suck it up. Don't try and dodge it. Don't assume that you can weasel around it somehow. It's fucking stateless, so write your fucking code accordingly. If it relies on client state then it won't fucking work. Well, it might do, but you have no reason to expect it to, and every reason to expect it to break. THIS IS BLEEDING OBVIOUS. Code assuming a capability that the protocol doesn't have and of course it won't fucking work, what the fuck do you expect? Fucking idiots. The only case where it's acceptable to do that sort of shit is when it doesn't bleeding matter if it doesn't work. You most certainly do NOT do it when if it doesn't work you can't even get to the bleeding site at all.

Same goes for fucking scripting. You must expect that not to work either, for the same sort of reasons. If you've written something that relies on javascript to work then you are a moron who has written some broken crap based on false assumptions. Either recode it so it doesn't involve fucking scripting or don't fucking do it at all.



And zdziarski, you are a cunt too for hiding your fucking blog behind this stupid shit that doesn't fucking work.

FIX IT OR LOSE IT, you stupid bastards.

Back to Crap Stuff

Back to Pigeon's Nest

Be kind to pigeons

Valid HTML 4.01!