# "DDoS protection by cloudflare"



## IC_ (May 5, 2021)

Why did GBAtemp suddenly get blocked by some dumb "DDoS protection by Cloudflare"? It just keeps reloading the page and never goes to the actual website, I had to temporarily log in using a private window in Chromium. That dumb thing has never worked in Firefox browsers for me.


----------



## jeffyTheHomebrewer (May 5, 2021)

Same thing happened to me, and I was using vanilla Chrome! Musta been some kinda server reboot. But did you also see the raw HTTP/PHP/whatever text too?


----------



## IC_ (May 5, 2021)

jeffyTheHomebrewer said:


> Same thing happened to me, and I was using vanilla Chrome! Musta been some kinda server reboot. But did you also see the raw HTTP/PHP/whatever text too?
> 
> View attachment 261596


I only saw the "DDoS protection by Cloudflare" screen which keeps reloading by itself.


----------



## shaunj66 (May 5, 2021)

It's a new system we're trialling to help prevent the random server drop outs we've been experiencing lately.

It's totally normal and is employed on a wide range of other sites. You should only see it very rarely.


----------



## jeffyTheHomebrewer (May 5, 2021)

IC_ said:


> I only saw the "DDoS protection by Cloudflare" screen which keeps reloading by itself.


Huh. I guess GBAtemp uses cloudflare, but seeing that message is just rare?


----------



## smileyhead (May 5, 2021)

I've googled your problem and a common cause seems to be timezone mismatch. Are you sure your device is set to the correct timezone?


----------



## jeffyTheHomebrewer (May 5, 2021)

Random server dropouts? Huh?


----------



## Costello (May 5, 2021)

IC_ said:


> I only saw the "DDoS protection by Cloudflare" screen which keeps reloading by itself.


then how are you here?


----------



## jeffyTheHomebrewer (May 5, 2021)

Costello said:


> then how are you here?


Because the error stopped and went away?


----------



## IC_ (May 5, 2021)

shaunj66 said:


> It's a new system we're trialling to help prevent the random server drop outs we've been experiencing lately.
> 
> It's totally normal and is employed on a wide range of other sites. You should only see it very rarely.


I only know one other website that uses that exact same thing and it also never worked in my Firefox browsers, it seems that this protection is so extreme that it just hates anything that isn't the newest Chrome/Firefox/Safari version with no modifications. At least now it seems to be working fine again...


jeffyTheHomebrewer said:


> Huh. I guess GBAtemp uses cloudflare, but seeing that message is just rare?


I think it's an option to enable or disable some of those specific features if you're using cloudflare.


smileyhead said:


> I've googled your problem and a common cause seems to be timezone mismatch. Are you sure your device is set to the correct timezone?


I'm pretty sure it is, I've never had any other security problems or anything caused by that.



Costello said:


> then how are you here?





IC_ said:


> I had to temporarily log in using a private window in Chromium


----------



## Costello (May 5, 2021)

IC_ said:


> I had to temporarily log in using a private window in Chromium


then the problem is on your end 
check your addons, make sure you arent using like terrorist/pedophile-grade IP lol, and so on

" At least now it seems to be working fine again..." => good, didnt see that part.
Problem solved? lol


----------



## OrGoN3 (May 5, 2021)

IC_ said:


> I only know one other website that uses that exact same thing and it also never worked in my Firefox browsers, it seems that this protection is so extreme that it just hates anything that isn't the newest Chrome/Firefox/Safari version with no modifications. At least now it seems to be working fine again...
> 
> I think it's an option to enable or disable some of those specific features if you're using cloudflare.
> 
> I'm pretty sure it is, I've never had any other security problems or anything caused by that.


So many websites use CF DDoS protection. I've never seen that message on this site, but I've seen it on countless others. It's perfectly normal people. If you've never dealt with a CF site, you are new to the internet.


----------



## jeffyTheHomebrewer (May 5, 2021)

Costello said:


> then the problem is on your end
> check your addons, make sure you arent using like terrorist/pedophile-grade IP lol, and so on
> 
> " At least now it seems to be working fine again..." => good, didnt see that part.
> Problem solved? lol


I had a similar issue using stock Chrome (Windows) and NONE of my extensions would tamper with GBAtemp. (to my knowledge)
IP: 



Spoiler: my IP as of this reply


----------



## OrGoN3 (May 5, 2021)

jeffyTheHomebrewer said:


> I had a similar issue using stock Chrome (Windows) and NONE of my extensions would tamper with GBAtemp. (to my knowledge)
> IP:
> 
> 
> ...


I'm using stock chrome. No issues.


----------



## IC_ (May 5, 2021)

Costello said:


> then the problem is on your end
> check your addons, make sure you arent using like terrorist/pedophile-grade IP lol, and so on
> 
> " At least now it seems to be working fine again..." => good, didnt see that part.
> Problem solved? lol


It's solved now, but it seems like the DDoS protection just stopped existing and not that the protection let me through. Addons are nothing special, uBlock origin and other common things like that. IP address also shouldn't be an issue...


OrGoN3 said:


> So many websites use CF DDoS protection. I've never seen that message on this site, but I've seen it on countless others. It's perfectly normal people. If you've never dealt with a CF site, you are new to the internet.


I personally think that it's a lazy and bad solution, if your website really has problems with DDoS attacks then in my opinion there are much better solutions than outsourcing it from a company that controls most of the web. The fact that this protection seems to often hate legitimate users just becuase they don't use a web browser that most of the world uses definitely doesn't help my opinion of it.


----------



## Seriel (May 5, 2021)

IC_ said:


> I personally think that it's a lazy and bad solution, if your website really has problems with DDoS attacks then in my opinion there are much better solutions than outsourcing it from a company that controls most of the web.


There aren't though. Dealing with the influx of traffic from a large DDoS attack isn't anything that most hosting providers or servers can even attempt to deal with. After all, how can any server hope to stop someone from sending a large amount of data without processing it somehow?

Dealing with DDoS attacks is precisely why Cloudflare exists, theyre one of the only networks on the planet with the equipment to deal with them properly. See for example the current situation with Belnet, an ISP controlling Belgian Internet services that has recently succumb to a DDoS and come offline. Those things are nasty, especially when you're popular. If an ISP can't beat them, how can an independent gaming website? It's not possible for GBAtemp to have those resources without outsourcing. 

I assure you the checks arent as simple as they seem, theres a lot going on behind the scenes, and given it works now its probably correctly learned you as a valid user and won't bother you again until some variable changes.


----------



## IC_ (May 5, 2021)

Seriel said:


> There aren't though. Dealing with the influx of traffic from a large DDoS attack isn't anything that most hosting providers or servers can even attempt to deal with. After all, how can any server hope to stop someone from sending a large amount of data without processing it somehow?
> 
> Dealing with DDoS attacks is precisely why Cloudflare exists, theyre one of the only networks on the planet with the equipment to deal with them properly. See for example the current situation with Belnet, an ISP controlling Belgian Internet services that has recently succumb to a DDoS and come offline. Those things are nasty, especially when you're popular. If an ISP can't beat them, how can an independent gaming website? It's not possible for GBAtemp to have those resources without outsourcing.
> 
> I assure you the checks arent as simple as they seem, theres a lot going on behind the scenes, and given it works now its probably correctly learned you as a valid user and won't bother you again until some variable changes.


Depending on the scale of the attack you are right about that, but I still don't see Cloudflare as a good permanent solution to that problem. You're giving up your website to one big company that will be a man in the middle for all incoming requests, and Cloudflare has had outages and has censored some websites in the past. Smaller attacks that aren't on the scale of some of the biggest websites in the world are usually possible to stop without a man in the middle, or at least not with a company that controls most of the Web.
And yes I'm sure those checks are very complicated, that's probably why it doesn't let me through, just because my web browser has some slight differences in the way it makes requests compared to the average Google Chrome or Mozilla Firefox that most people use.


----------



## Alexander1970 (May 5, 2021)

shaunj66 said:


> You should only see it very rarely.



Here in Austria - never until today...but we are different,I know.....


----------



## AmandaRose (May 5, 2021)

@shaunj66 all working perfectly good somewhat rather surprisingly for once with Samsung Internet Browser .


----------



## Costello (May 5, 2021)

IC_ said:


> Depending on the scale of the attack you are right about that, but I still don't see Cloudflare as a good permanent solution to that problem. You're giving up your website to one big company that will be a man in the middle for all incoming requests, and Cloudflare has had outages and has censored some websites in the past. Smaller attacks that aren't on the scale of some of the biggest websites in the world are usually possible to stop without a man in the middle, or at least not with a company that controls most of the Web.
> And yes I'm sure those checks are very complicated, that's probably why it doesn't let me through, just because my web browser has some slight differences in the way it makes requests compared to the average Google Chrome or Mozilla Firefox that most people use.


You sound like me: I was anti-cloudflare... until I started using it. 
Now, I find it absolutely incredible and it's unbelievably affordable for the services it renders.
We have a higher-tier plan so we have SLA, they have uptime requirements, so that downtimes caused by them are not an issue overall.


----------



## IC_ (May 5, 2021)

Why did GBAtemp suddenly get blocked by some dumb "DDoS protection by Cloudflare"? It just keeps reloading the page and never goes to the actual website, I had to temporarily log in using a private window in Chromium. That dumb thing has never worked in Firefox browsers for me.


----------



## The Real Jdbye (May 5, 2021)

IC_ said:


> Why did GBAtemp suddenly get blocked by some dumb "DDoS protection by Cloudflare"? It just keeps reloading the page and never goes to the actual website, I had to temporarily log in using a private window in Chromium. That dumb thing has never worked in Firefox browsers for me.


Do you have NoScript by any chance? That can mess with stuff like this.


----------



## IC_ (May 5, 2021)

Costello said:


> You sound like me: I was anti-cloudflare... until I started using it.
> Now, I find it absolutely incredible and it's unbelievably affordable for the services it renders.
> We have a higher-tier plan so we have SLA, they have uptime requirements, so that downtimes caused by them are not an issue overall.


Well, there's a simple reason why I dislike them: I don't think it's a good thing that one company controls such a big part of the internet. And the fact that they have been blocking me on some websites for years just because I don't use a web browser that most people use definitely leaves a negative impression on me.


The Real Jdbye said:


> Do you have NoScript by any chance? That can mess with stuff like this.


I don't, the only add-ons I have that heavily mess with requests are uBlock origin with a lot of custom rules and Smart HTTPS.


----------



## Sono (May 8, 2021)

For those still seeking solution for this:

This is a problem with Cloudflare's implementation where it confuses Firefox into infinitely refreshing the page. I have no idea why other browsers are immune to this though.

There is an option in Firefox (which seems to have been removed form the UI over the years) where you can disable auto-redirect and show a popup where you can explicitly confirm the redirect.

The reason disabling auto-redirect works around this problem is because it breaks the automatic refresh loop, letting the Cloudflare Javascript to complete, which then can use Javascript redirect to reload the page properly.

The setting to change in *about:config* is *accessibility.blockautorefresh*, and setting it to *true* blocks some forms of automatic redirect.
In my opinion letting this option enabled is great for users and developers alike, as not only can it help diagnose redirect problems for the developer, but also blocks some forms of crapware ad redirects, so you can close the tab before it were to redirect you to C**t Wars for example.


----------



## Sono (Aug 14, 2021)

Just as a heads-up, Firefox for Android (and most likely any other non-PC platforms capable of running Firefox) lacks the above mentioned setting (and adding it manually also has no effect), so with Cloudflare re-enabled, the site is now inaccessible from Firefox for non-PC devices, and experiences the same reload loop as it does on desktop.

Both Cloudflare and Firefox are pointing fingers at eachother, so this will most likely be always an issue until Firefox fully turns into an inferior Chrome clone at last.


----------



## Hayato213 (Aug 14, 2021)

I don't mind the cloudfire if it helps keep the site up, the site being going down the last two days.


----------



## AsPika2219 (Aug 14, 2021)

Look likes OK for me for today! But yesterday was stupid cloudfire which failed loading this forum, just stuck or loop....


----------



## Nikokaro (Aug 14, 2021)

Sono said:


> This is a problem with Cloudflare's implementation where it confuses Firefox into infinitely refreshing the page. I have no idea why other browsers are immune to this though.


Instead, they aren't. On Android Chrome the same thing happens. After numerous attempts, yesterday and today Cloudflare only let me in after 10+ minutes of checking the browser!!! I repeat: more than ten minutes!!!

Trying with the simple Android Web Browser it stays stuck in an endless loop.
You who know about this topic, and are a developer, do you have any alternative solutions?
Thanks for the possible answer.


----------



## Sono (Aug 14, 2021)

Nikokaro said:


> Instead, they aren't. On Android Chrome the same thing happens. After numerous attempts, yesterday and today Cloudflare only let me in after 10+ minutes of checking the browser!!! I repeat: more than ten minutes!!!
> 
> Trying with the simple Android Web Browser it stays stuck in an endless loop.
> You who know about this topic, and are a developer, do you have any alternative solutions?
> Thanks for the possible answer.



I mentioned here that it's broken on Firefox for Android as well.

Lucky for you, I waited almost an hour, and nothing 

I did try debugging it, and I came to a conclusion, but I don't remember anymore, as it was 3months ago.


----------



## Nikokaro (Aug 14, 2021)

Sono said:


> mentioned here that it's broken on Firefox for Android as well


I have written CHROME; of Firefox I had already read, and in fact I have quoted you. Read better...

I would like to point out that the Cloudflare check doesn't happen just once, as it has been wrongly said, but every time you turn off your phone or deactivate the data (internet) line, and then reactivate it.

Whether I will be able to re-enter this site tomorrow, and when, remains an unknown. It seems my fate here will depend on cruel and senseless chance...hehehe [sigh].


----------



## JuanBaNaNa (Aug 14, 2021)

I'm having the same Cloudfire screen with Chrome in my laptop.
I'm having the same Cloudfire screen with Opera in my phone.

But I'm still able to browse the TEMP, so that's cool 




Spoiler: Not gonna lie



I honestly thought mods had enough with my shit and that it was a measure to prevent me from signing in. Ima taking too much credit, but I've got suspended/unable to reply in Reddit twice now... Now I realize how special (and tolerant) the TEMP is with us, and that makes me happy


----------



## Exidous (Aug 14, 2021)

So if I'm understanding this thread correctly, "regular" cloudflare worked before for most people. This site is now using some kind of upgraded version of Cloudflare. This version does not work with all browsers, and instead presents a continuously reloading cloudflare page whenever you try to access gbatemp.

For my part:

The site currently works in: updated and fully googleified chrome (ick)

Doesn't work in: Chromium, Epic

EDIT: also doesn't work in android chrome for me.

This is probably cloudflare's fault for not supporting browsers that aren't bent over and asking to be served with ads/spyware. But this site needs to think about what services it uses, especially given the amount of privacy minded folks around here. If cloudflare is doing Google's bidding it's not a good partner.


----------



## ghjfdtg (Aug 14, 2021)

On Firefox for Android i got it to work but it's hit and miss. Certainly takes longer than 5 seconds... On desktop Firefox it works fine.

I think this type of Cloudflare "protection" is way too agressive and potentially locks out users. Would disable this as soon as possible.


----------



## Nikokaro (Aug 15, 2021)

Using Android Chrome, a few minutes ago I re-entered this site with no problems, after turning off the internet for an hour and then turning it back on. The Cloudflare page was not present. Has it perhaps been permanently deactivated? If not, it's inexplicable.

Over an hour ago, doing the same thing, Cloudflare had taken the usual 10+ minutes to get me in here. 

The mysteries follow one after another.
And (virtual) life gets interesting... hehehe.


----------



## Deleted member 514389 (Aug 15, 2021)

shaunj66 said:


> It's a new system we're trialling to help prevent the random server drop outs we've been experiencing lately.
> 
> It's totally normal and is employed on a wide range of other sites. You should only see it very rarely.


I sure hope that's the case... (Cause I've seen it quite often...)

, as this kind of stuff makes this site feel super cheap...
Kinda like those "one shot - no purpose" sites...


----------



## shaunj66 -- Staff update (Aug 15, 2021)

Just to reconfirm yes, this is a temporary measure while we combat certain external issues. I'm sure you've noticed how slow the site can be lately. This extra level of protection at least makes the site usable but we are certainly aware of the issues it causes for some users.

We are working on it...


----------



## KleinesSinchen (Aug 15, 2021)

shaunj66 said:


> Just to reconfirm yes, this is a temporary measure while we combat certain external issues. I'm sure you've noticed how slow the site can be lately. This extra level of protection at least makes the site usable but we are certainly aware of the issues it causes for some users.
> 
> We are working on it...


The 3DS browser doesn't pass the Cloudflare check! Hihi.

Serious comment: Good luck in solving the problems. I guess nobody likes things like this potentially problematic browser check, but if the other option is the site going extremely slow or even down the choice is obvious. At least it didn't make me click on pictures of busses, storefronts, crosswalks or whatever.

Edit:
No problem here with desktop Firefox. Only takes seconds.


----------



## AmandaRose (Aug 15, 2021)

shaunj66 said:


> Just to reconfirm yes, this is a temporary measure while we combat certain external issues. I'm sure you've noticed how slow the site can be lately. This extra level of protection at least makes the site usable but we are certainly aware of the issues it causes for some users.
> 
> We are working on it...


Not sure if this is the same issue as others have reported but on Samsung Internet Browser I get the cloudflare screen then this message pops up. 



 

I have to hit reload about twenty times before the site loads


----------



## Alexander1970 (Aug 15, 2021)

It works better now.


----------



## AmandaRose (Aug 15, 2021)

alexander1970 said:


> It works better now.


Not for me it gets worse every time I try access the site lol.


----------



## godreborn (Aug 15, 2021)

Had issues a day or two ago.  Thought it might be my router, because the entire internet died on me until I turned it off, then back on.  Been working fine and fast ever since.


----------



## IC_ (May 5, 2021)

Why did GBAtemp suddenly get blocked by some dumb "DDoS protection by Cloudflare"? It just keeps reloading the page and never goes to the actual website, I had to temporarily log in using a private window in Chromium. That dumb thing has never worked in Firefox browsers for me.


----------



## IncredulousP (Aug 16, 2021)

IC_ said:


> Why did GBAtemp suddenly get blocked by some dumb "DDoS protection by Cloudflare"? It just keeps reloading the page and never goes to the actual website, I had to temporarily log in using a private window in Chromium. That dumb thing has never worked in Firefox browsers for me.


Works fine for me on Firefox mobile, Pixel 3XL


----------



## Crazynoob458 (Aug 16, 2021)

https://cdn.discordapp.com/attachments/714952347842904177/876598955994140684/2021-08-16_08-44-18.mp4
cloudflare hates proxies


----------



## Alexander1970 (Aug 16, 2021)

Today not so good....
Needs very long....

...but finally successful.


----------



## shaunj66 -- Update 2 (Aug 17, 2021)

Just an update to let you know that this system has been now been disabled so things should hopefully return to normal.

Let's hope the fast speed continues...


----------



## Alexander1970 (Aug 17, 2021)

shaunj66 said:


> Just an update to let you know that this system has been now been disabled so things should hopefully return to normal.
> 
> Let's hope the fast speed continues...



Yes,today it is definitely very good.


----------



## ClancyDaEnlightened (Aug 17, 2021)

if you are using a vpn/tor it will trigger, or if your ip address changes


----------

