Cloudflare's Update Cripples Iranian VPNs #429
Comments
You say the Cloudflare system is detecting V2Ray traffic as DDoS. Does it happen only when one V2Ray server is accessed by many clients? Is it something about the protocol that is being detected, or is it the large number of clients? Is the Cloudflare system that is wrongly detecting DDoS configurable by the owner of the Cloudflare account? Or is it "global" and not configurable?
What is your V2ray setup? Would enabling connection multiplexing help (so that there aren't that many TCP connections)?
Cloudflare's identification of V2Ray traffic as potential DDoS activity does not seem tied to the number of clients, as the issue has been observed even with minimal usage. It appears that detection relies heavily on analyzing packet headers. While altering headers can sometimes bypass this detection, it’s not a lasting fix, as VPN traffic typically exhibits identifiable 1-to-1 patterns, which may also be leveraged for detection in the future. To disable the security features blocking such traffic, Cloudflare typically requires an Enterprise plan. However, some users on Cloudflare's Discord server have reported temporary resolutions after upgrading to the Pro plan and submitting support tickets. One response from Cloudflare support mentioned:
Even if the problem is solved with this, we will be restricted again due to the support announcement.
We tested all protocols like WS, gRPC, HTTP upgrade with TLS and non-TLS, and even users with mux were restricted too, so I don't think this is a solution.
I didn't use my server because it was too slow, but now it's dead in every protocol. Responds to pings, can proxy directly, but blocked from proxying through CF.
CDN Abuse era is gone, other CDNs will follow soon, just like how they ended domain fronting. Or you can ask proxy cores developers to make their protocols and transports bypass CDN firewalls too.
Has anyone in Iran tried the suggestion of @RPRX from XTLS/Xray-core#3955? For example, you can use XHTTP-H3-CDN upstream and combine it with XHTTP-H2-REALITY downstream to cause trouble to GFW 🎃. This has opened a new era.
Recently, for about two weeks, Cloudflare has been blocking domains that use CDN traffic to tunnel VPN traffic, such as v2ray. After contacting Cloudflare, their support team confirmed that the issue stems from their newly updated firewall. This change has already caused widespread issues for Iranian users, as many VPNs relied on Cloudflare to bypass censorship. With IRGFW (Iranian Great Firewall) heavily blocking and detecting IPs, Cloudflare was one of the few viable options for secure access.
IRGFW couldn't block Cloudflare’s IPs outright due to potential collateral impact, but other CDNs like Fastly are easily blocked. Moreover, alternatives to Cloudflare are neither as accessible nor as affordable. Now, Iranians are on the brink of a digital crisis, as Cloudflare’s systems increasingly flag v2ray traffic as HTTP DDoS attacks, leading to more frequent disruptions.
Iranians are effectively trapped between two firewalls: the IRGFW and restrictions from international datacenters that don’t service Iranians, compounded by a lack of payment options for most platforms. With these barriers in place, accessing free internet and media is becoming nearly impossible.