What evidence do you have to suspect that Google is treating CF as an attack because of the way they form headers?
That doesn't even make sense - if CF is mangling headers, presumably they've been doing it for a while, and it wasn't being blocked before. More likely there's some sort of real traffic going through CF is being recognized as an attack (false positive or not) and that is what turned up the defense screens. If so, you are just as vulnerable. Jeff On Wed, Aug 1, 2012 at 4:04 PM, Drake <[email protected]> wrote: > Not if they form their request headers properly. > > CF sends IPs that are malformed, nonsensical, and non-responsive. (and often > blank) > > My CDN solution says "Request on behalf of X" the right way. > > Oh, and CF has already tried doing that to me. More than once. > > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
