On Wednesday, August 1, 2012 1:08:42 PM UTC-7, Jeff Schnitzer wrote: > > On Wed, Aug 1, 2012 at 12:14 PM, Jeff Schnitzer <[email protected]> > wrote: > > > > I'm pissed because this behavior is undocumented. Google doesn't say > > "don't access your site through a shared reverse proxy because we may > > shut you down with some sort of automated threat detection." This > > isn't just a CF issue; any kind of proxy is subject to this totally > > surprising behavior. >
Google automatically blocks IPs sending attack traffic. If you decide to have your entire userbase come through a handful of IPs (in this case the CloudFlare proxies), then any time a single one of your users attacks Google, it's possible all of your users will be blocked. Hopefully none of this is particularly surprising. Note this isn't meant as a dig on CloudFlare -- they put a lot of effort into preventing attacks from reaching the machines behind them, and I'd recommend their use for sites that don't have their own DDoS defenses. It's just an explanation of what most likely happened in this case. Another huge disappointment here is that the failure mode: A redirect > to http://www.google.com/sorry which produces a 200 OK response. Our > monitoring system interpreted this as "just fine" so we didn't get > notice of the downtime for a couple hours. A customer informed us of > the failure. > That page produces a 503, not a 200: bash-3.2$ curl -I 'www.google.com/sorry/?continue=http://www.voo.st/#' HTTP/1.1 503 Service Unavailable [snip other response headers] Could you provide more detail on how you were seeing a 200? I suspect something else in your monitoring is broken, but if you find a way to reproduce a 200 from google.com/sorry/ it would be good to hear about it. Damian -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/nxXeZldNIH4J. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
