WHITELIST vs BLACKLIST (CloudFlare problem)

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • The Hun
    Confirmed User
    • Jan 2001
    • 1207

    #1

    WHITELIST vs BLACKLIST (CloudFlare problem)

    Cloudflare, a host used by a lot of people apparently, made it painfully obvious some people in the industry don't know the difference between a whitelist and a blacklist, and that there are two very specific problems you can solve with them. In fact, I see that modern day programmers are so blissfully unaware of some programming issues (performance, compatibility, that sort of thing) that I end up writing the same message to a lot of people... better share it here as well, maybe it helps

    Anyway, let's say you have a bar. Members only. A selected few may enter your club/bar after going through screening, payment processing, health check to make sure there are no STD's, parental checks to make sure their dad's not a judge or something, you name it. Your club, your rules... but there will be a bouncer at the door that has a WHITELIST. You want to know exactly who's inside and nobody else... that's what a whitelist is for.

    If you run a less classy bar, let's call it The Hun's Schmutzige Mutze, the bar basically just has to be full. You want a lot of people in there, partytime, long, short, fat, skinny, doesn't matter, as long as they're in! But... there's always a few troublemakers. You don't want to allow the people in that caused a big fight over who's turn it was to toss the midget over the bar or who it was that deliberately punctured your rubbers. Those troublemakers should not come in again. The bouncer at that bar will have a BLACKLIST, if you're not on the list you're presumed innocent and may proceed...

    Now... why the fuck am I talking about bars. Well... the same goes for websites... if you have a paysite you only want to allow people that paid you. So you'll use a whitelist. If you build an ad to promote your paysite (in this case: a gallery), you want everybody to be able to see your ads, you don't want that behind a whitelist. Maybe you want to block some people that caused problems in the beginning, that's fine, but you need a blacklist for that...

    CloudFlare is an example of using the wrong list at the wrong time, or I should say: some people using CloudFlare as their host... They offer this feature that blocks people with an unknown browser signature from their sites. So if Chrome comes with a new signature it will be blocked, if people have an obscure browser that's not in the list CloudFlare recognizes they will be blocked. You don't know who you're blocking if you use a whitelist. And if you have your stuff listed on thehun you don't know beforehand who will be visiting you. They should ALL get access though. I have to remove sites from The Hun if they have this feature switched on since some people get redirected, lowering the experience on my site...

    So, and this goes for galleries on The Hun, but I'm 100% sure the same thing is true on many different settings as well, don't use a WHITELIST if you really mean to your a BLACKLIST... and not only for browser signatures, but also for referrals. Some galleries are set up to allow traffic from thehun.net only, but what if people use a proxy for instance...

    Anyway, had to share this, if you don't submit to thehun, fine, learn from it anyway, I'm sure it can help others. I see a lot of things 'modern' programmers now do wrong in sooooo many ways... WorldPress galleries for instance... resources don't seem to matter anymore, optimization doesn't even exist anymore. I'm an old school programmer. And I kept up with modern technology with that old school approach. Which means I'll always go for using the least amount of resources. We were amongst the first to have a responsive site, working on both desktop and mobile devices, we had endless scrolling working before even Facebook figured out how to do that correctly... I'll be sharing more in the future
  • Oracle Porn
    Affiliate
    • Oct 2002
    • 24433

    #2
    cloudflare is not a host though...


    Comment

    • The Hun
      Confirmed User
      • Jan 2001
      • 1207

      #3
      they deliver content... effectively the same thing (in this case)...

      Comment

      • directfiesta
        Too lazy to set a custom title
        • Oct 2002
        • 30135

        #4
        another race thread











        /jk
        I know that Asspimple is stoopid ... As he says, it is a FACT !

        But I can't figure out how he can breathe or type , at the same time ....

        Comment

        • ctggls
          Confirmed User
          • Aug 2012
          • 898

          #5
          @TheHun do you have some examples of Wordpress gallery optimization?

          Comment

          • The Hun
            Confirmed User
            • Jan 2001
            • 1207

            #6
            Originally posted by ctggls
            @TheHun do you have some examples of Wordpress gallery optimization?
            I have plenty of examples of the oposite...

            well, I had, declined a bunch of galleries for loading libraries over and over again. Optimisation and wordpress are a contradiction of terms... WordPress is great in the way it is one solution for a whole bunch of problems. Downside is that that flexibility tends to create a lot of overhead. Personally for instance: all those ways to make thumbs animate into larger pics... People come to a gallery to get entertained... although there is a large portion of the world's population that will get entertained by animating thumbs most people just want to see titts and ass... so the animations are sucking up resources and not giving the user what they came for. Usually (usually, not always!) less is more... especially with ads/galleries... you want them to load quick... to the point... all kinds of dynamic libraries and such will only slow things down...

            For instance, did you ever try the Audit function in Chrome? Tells people a lot about their website. Google takes page speed in consideration these days. So the faster the page the higher up you'll be.

            Comment

            • ctggls
              Confirmed User
              • Aug 2012
              • 898

              #7
              Originally posted by The Hun
              I have plenty of examples of the oposite...

              well, I had, declined a bunch of galleries for loading libraries over and over again. Optimisation and wordpress are a contradiction of terms... WordPress is great in the way it is one solution for a whole bunch of problems. Downside is that that flexibility tends to create a lot of overhead. Personally for instance: all those ways to make thumbs animate into larger pics... People come to a gallery to get entertained... although there is a large portion of the world's population that will get entertained by animating thumbs most people just want to see titts and ass... so the animations are sucking up resources and not giving the user what they came for. Usually (usually, not always!) less is more... especially with ads/galleries... you want them to load quick... to the point... all kinds of dynamic libraries and such will only slow things down...

              For instance, did you ever try the Audit function in Chrome? Tells people a lot about their website. Google takes page speed in consideration these days. So the faster the page the higher up you'll be.
              Hmm , interesting point... Never tried Audit function but will try it...

              Comment

              • MasonSquelch
                Registered User
                • Jun 2014
                • 51

                #8
                Optimizing a website is one thing, knowing the basics (white- vs. blacklisting (some software even allows greylisting)) something different. I personally consider poorly designed systems a mere matter of evolution: either their design is not that important and they survive, or it's so bad and they dwindle. At least there's software that makes things a lot easier, and WordPress isn't the worst one. Stuffing bad / poor / needless plugins into WP is a common mistake. But all these mistakes are the raison d'être for a lot of consultants and SEOs, no?

                By the way: the plugin 'Dust-Me-Selectors' does similar things for Firefix like Audit does for Chrome. The WordPress plugin P3 (Plugin Performance Profiler) is pretty good at finding resource hogs in your pugin collection.
                Mental Sinema - Wanktrance Outfitter

                Comment

                • srockhard
                  Retired
                  • Jul 2011
                  • 1976

                  #9
                  Thank you for the article. What about just disabling the browser check in Cloudflare settings?
                  Piper Pines

                  Comment

                  • The Porn Nerd
                    Living The Dream
                    • Jun 2009
                    • 19787

                    #10
                    Thank you Patrick SO much for your post! I too HATE it when a page takes forever to load and no one seems to give a shit about that these days.

                    My paysite tours are now very thumbnail-heavy but you would be amazed (maybe not) how similar paysites with thumbs who do not optimize their thumbs! A thumb can be like 800mb in some cases. Crazy!

                    This is also why I do not use animated GIFs (tho I think some of them are cool and maybe good for capturing a surfer's attention with movement) but for a gallery? No way man. LOL

                    (I hope our Galleries and banners are loading quick for TheHun. Please let me know if not.)
                    My Affiliate Programs:
                    Porn Nerd Cash | Porn Showcase | Aggressive Gold

                    Over 90 paysites to promote!
                    Now on Teams: peabodymedia

                    Comment

                    • robwod
                      Confirmed User
                      • Nov 2005
                      • 2540

                      #11
                      Patrick, the browser signature check in Cloudflare is the option that causes an issue with your bot (you and I spoke it via email awhile back if you recall). Because your bot is not tied to a specific IP (or IP's), it can't be whitelisted effectively.

                      The browser signature / browser integrity signature check causes your bot to fail via Cloudflare (I think your bot fails their integrity check), which in turn rejects your bot. And of course, when your bot is rejected (in this case redirected to a rejected page), it results in the submitted gallery to be placed in suspended mode.

                      I don't think Cloudflare's Browser Integrity Check option is available as part of the free subscription, but it is definitely part of the paid subscription. I can't recall if it's default ON or OFF. Anyone using Cloudflare and submitting to you, though, absolutely needs to check and make sure the Browser Integrity check is disabled, or their galleries will be disabled.

                      As for me, I have a love/hate relationship with Cloudflare. Certain things, and certain times, they've been quite an asset. Other times, a royal pain in the ass.
                      NSFW

                      Comment

                      • The Hun
                        Confirmed User
                        • Jan 2001
                        • 1207

                        #12
                        Originally posted by robwod
                        Patrick, the browser signature check in Cloudflare is the option that causes an issue with your bot (you and I spoke it via email awhile back if you recall). Because your bot is not tied to a specific IP (or IP's), it can't be whitelisted effectively
                        I know the blame for this could be put in the fact that my bot has no point nosing around on people's galleries, but it doesn't need to be added to the whitelist, there shouldn't be a whitelist on a free gallery to begin with, that is the whole point of my post... I understand a whitelist for a paysite or something that grants exclusive access to some, but you never know exactly who you block, so that makes it never a good idea for a free gallery/add/whatever-you-want-to-call-it...

                        Switching the option off indeed is smart: IF you're doing free galleries... if you're running a paid service it's different...

                        Sites can be optimized in so many ways. And it's important too now that google takes speed in consideration. I started loading banners asynchronously for instance, I'll dedicate another post to that some day. But at least thehun doesn't get punished anymore for loading times of banners I'm not hosting myself.

                        Comment

                        • robwod
                          Confirmed User
                          • Nov 2005
                          • 2540

                          #13
                          Originally posted by The Hun
                          I know the blame for this could be put in the fact that my bot has no point nosing around on people's galleries, but it doesn't need to be added to the whitelist, there shouldn't be a whitelist on a free gallery to begin with...
                          I know for myself, I block any bot that serves me no purpose -- at the firewall/router. For example, non-SE Spider bots, **anything** from China, several ranges from ColoCrossing. They are useless to me and/or problematic (spamming, malware attacks, etc).

                          In any case, one thing people can do with CloudFlare who have an issue with your bot is to do the following:

                          1. Disable Browser Integrity Check
                          2. If their galleries are in a subfolder or subdomain, they can add a specific rule to exclude that subfolder/subdomain in their WAF settings (Web Application Firewall).
                          NSFW

                          Comment

                          • Mickey_
                            • Nov 2005
                            • 4238

                            #14
                            Racist thread.


                            (Bump for business) ;)


                            LifeSelector Affiliates - Make money today promoting the online porn of tomorrow.

                            mb [at] lifeselector.com

                            Comment

                            • The Hun
                              Confirmed User
                              • Jan 2001
                              • 1207

                              #15
                              Originally posted by Mickey_
                              Racist thread
                              Mickey... don't make me yellowlist your ass!

                              Comment

                              • NatalieK
                                Natalie K
                                • Apr 2010
                                • 20110

                                #16
                                My galleries never seem to have a problem, I must be on your whitelist. Care for a glass of wine
                                My official site / Custom vids / Make money links / First time girls
                                Email: [email protected] - "Converting traffic into income since 2005"

                                Comment

                                • Mickey_
                                  • Nov 2005
                                  • 4238

                                  #17
                                  Originally posted by The Hun
                                  Mickey... don't make me yellowlist your ass!
                                  Sounds kinky.


                                  LifeSelector Affiliates - Make money today promoting the online porn of tomorrow.

                                  mb [at] lifeselector.com

                                  Comment

                                  • freecartoonporn
                                    Confirmed User
                                    • Jan 2012
                                    • 7683

                                    #18
                                    i disabled mostly useless shit on cloudflare, only use cdn things to speed up site.

                                    but idk why cloudflare slows down my wp blog, so i dont use cloudflare + wp ,
                                    SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean

                                    Comment

                                    • The Hun
                                      Confirmed User
                                      • Jan 2001
                                      • 1207

                                      #19
                                      With the blacklist/browser signature check disabled there wouldn't be a problem indeed... I don't understand though why they block so many things to speed things up and why people have something like that enabled? I mean, sure, it will block a lot of robots, but the collateral damage must be huge...

                                      Comment

                                      Working...