Let us disable the Cloudflare WAF
T
Tom MacWright
Render includes Cloudflare by default. This great, but it also breaks one of the core functionalities of our product. Val Town receives JavaScript code that we want to run. We've built the infra to run this safely - it's like Observable or RunKit. But given that Render has our site behind Cloudflare's WAF, these requests are blocked, and we can't configure the WAF to do differently. It's a pretty bad issue that produces an unfixable bug for us.
This has been requested (configurability of the WAF) in the forum: https://community.render.com/t/security-ability-to-configure-ip-blacklisting-and-ratelimiting-rules/4267
Log In
T
Team Caido
As there been progress on that? Our desktop application is also getting blocked sometimes because cloudflare seem to think it is a both making requests.
T
Thomas Sohet
I actually like to be in control of my own WAF (cloudflare or not) so I definitely vote for this feature
T
Team Caido
We would also be users to that feature, cloudflare is more a PITA than anything else. Plus the latency of cloudflare is often really bad compared to direct to AWS/GCP.
K
Kai Marshland
Would be a big fan of this. I like that render has cloudflare out of the box, but I'd like more configurability as an option