On Wed, Aug 1, 2012 at 6:37 PM, Drake <[email protected]> wrote: >> If I read this right, you're telling me that anyone can DOS your CDN by > making >> a lot of requests with bogus User-Agent strings (which, incidentally, was > one >> of my guesses). Forget CloudFlare for a moment. >> You aren't the least bit concerned about that? > > If your CDN is worth their salt they are blocking the people doing this "to > you". > > That is a feature they advertise.
You bring up headers, but once again, you try to deflect the conversation to something irrelevant. It is absurd to think that a CDN should be responsible for not passing through headers. That is like playing an endless whack-a-mole game. In fact, I'd hope that my CDN would mess with the headers in the least amount possible. I'd hate to be on the tail end of debugging an issue where data is randomly not making it to my origin. The main thing 'wrong' with this CloudFlare situation is that they didn't have a whitelist agreement setup with Google already. I find this rather shocking because as a huge CDN, you'd think they'd be whitelisted with all the major players. That is like setting up a mail service and not making deals to SPF/DNSBL/whatever whitelist all the email you're sending. jon -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
