My Goal:

I want my wife’s phone to use a single server URL in her app (e.g., audiobooks.mydomain.com) at all times. I don't want her to have to switch servers in the app manually.

• Away from home: It should route through the Cloudflare Tunnel so she can stream her books.
• At home: It should route entirely over our local Wi-Fi so she can bulk-download large audiobooks at gigabit speeds without piping gigabytes of raw media files through the free tier tunnel, keeping me completely safe from getting banned by Cloudflare for high media bandwidth.

The Plan (and the IPv4 / IPv6 Hurdle):

To achieve this, I am planning to implement Split-Brain DNS using my local AdGuard Home instance to intercept audiobooks.mydomain.com internally and point it straight to my server's local IPv4 address (e.g., 192.168.1.50).

However, my server is strictly IPv4-only (IPv6 is enabled on my local LAN however), but our cellular carriers use native IPv6.

I'm worried about a specific caching/fallback scenario: When my wife walks back into the house and her phone reconnects to the local Wi-Fi, it will query AdGuard Home and get the local IPv4 address. But because smartphones aggressively prefer IPv6, I am concerned the phone might try to reuse a cached public IPv6 address it received while on cellular data or bypass the local IPv4 override entirely to hit Cloudflare's public edge network anyway.

My Questions for the Community:

1. Is my concern about the phone bypassing the local IPv4 DNS override via a cached public IPv6 AAAA record valid?
2. If I add a custom filtering rule in AdGuard Home to completely block/nullify IPv6 queries for that specific domain (e.g., ||audiobooks.mydomain.com^$v6), will that successfully force her phone to drop back to the local IPv4 address while at home?
3. For those running Audiobookshelf or similar low-bandwidth audio services through Tunnels, is the trickle-bandwidth from streaming a single book small enough that Cloudflare doesn't care, or is the Split-Brain DNS approach strictly necessary to protect my account during bulk-sync downloads?

Appreciate any insight, configurations, or advice you guys have!

Sorry for having to use AI to write this but if I wrote it, you probably wouldn't have any idea what I was asking as I tend to ramble, but this is the gist of what I'm trying to figure out.

I'm building a project that has users uploading images and want to use Cloudflare infrastructure for this. The pricing on it is good. However, I can't quite figure out this pipeline.

Cloudflare Images + Transformations seems to be an account-level situation. Media gets all mixed up in one gigant bucket from all of the projects in my account that are leveraging this. Keys are also at an acount level. If I have media coming in from two different projects, I have no way of knowing which ones belong to which project.

The second option I presume is leveraging R2 and putting something in front to transform incoming images. Does Cloudflare offer image transformation for R2 buckets? I can't find anything. I could sure use the free egress, but I don't want to serve up a 3 MB image for a 200x200 profile picture.

Any other options that are cheap and do what CF does? (ie. transform, store, edge caching, free egress)

Tl;dr: Cloudflare laid off much of their Community team and then unexpectedly disbanded the Community Champions program (Discord moderation and early feedback group), leaving the Cloudflare Discord server effectively unmoderated and without the very folks who gave years of their free time to help the community. We’ve decided to create a new unofficial home for Cloudflare users on Discord, a space run by the community, for the community: https://discord.gg/TrPNVKaagR

During the unexpected recent layoffs at Cloudflare, folks involved in leading community efforts unfortunately lost their jobs. This left us (the Community Champions) in an odd spot where we were looking after Cloudflare's own Discord server while having no direct community contacts at Cloudflare. You may have seen many of us in Discord before - we had the green names!

This week, we then received an unexpected message letting us know that, effective almost immediately, the Community Champions program was being disbanded, and our volunteer assistance in the server (moderating the place 24/7 and providing support to Cloudflare’s users) was no longer needed. No real explanation was given as to why, just that it is happening and that the decision had already been made.

The Community Champions program has operated since very early 2021, and has become a staple in Cloudflare’s developer ecosystem, support offerings, and more. Countless users are sent by Cloudflare’s own support team or via product dashboards to the Discord server every single day, and in the vast majority of cases, support for products was offered by a Community Champion purely out of joy and love for the community and Cloudflare.

This news has resulted in many active folks leaving the server already, both community and employees. Therefore, we’re announcing a new unofficial Orange Cloud Discord server, where folks can engage with the same folks who have always helped them, get support for Cloudflare products, and which will be moderated and run by humans who care. Join the server today: https://discord.gg/TrPNVKaagR

---

FAQ

We’ll try to keep this updated as common questions arise in the comments on this post.

What will happen with the old “official” server?

At this point, we don’t know, and it doesn’t seem that Cloudflare does either. There are currently discussions around rebooting it later this summer, but in the meantime, we expect it to be quickly overrun with spam, scams, or worse content now that there’s no longer any active and dedicated moderation team, and the few active employees who were providing support have mostly left. This has already started to happen in the couple of days the server has been unmoderated. We’ve also seen those at Cloudflare who now hold moderation powers unfairly removing negative messages about Cloudflare’s products and decisions (as well as the users posting them), including this very change, which leaves us concerned about the future of open discussion and feedback there.

Why should we believe what you’re saying vs. Cloudflare?

Consider that we are a group of friends who have volunteered our free time over the last many years to help the community, and that Cloudflare is a publicly traded corporation with an image and bottom line to protect. We anticipate that Cloudflare may try to spin their own narrative on what has happened with us posting this, and recognise that this may cause some confusion for the community. While we don’t think what Cloudflare has done is the right move, we don’t want to burn bridges and trust that we don’t need to, so we intend to keep the conversations involved here private if we can. That being said, rest assured that we do have plenty of receipts for what we’ve said Cloudflare has done in this post (including suppressing negative messages from users and outright banning users posting those), and we will share these if we decide it is necessary to preserve the true narrative.

Can I still get support from Cloudflare directly in the new server?

This is unclear. Activity from Cloudflare employees even in the official server is few and far between, with most support coming from the community directly. While there are some Cloudflare employees already in the server, they’re not there in any official capacity, and in time, we hope that many other Cloudflare folks can find a home in the new server.

What happened to the XYZ channel?

One of the issues in the official server that we would raise regularly was the sheer number of channels that ended up abandoned by their product teams. To combat this, we’re starting small but centralising on a few product categories, and will evaluate and increase the number of channels over time as needed.

Can issues still be escalated from the Discord?

In the old server, we had a direct tap to many of Cloudflare’s customer support and engineering folks, including multiple custom integrations allowing us to quickly escalate issues to the right folks. Many of those folks lost their jobs or have left the server after the recent news.

However, lots of us still have very good friends at Cloudflare, and other methods of escalation that we’ll use as needed should issues arise that can’t be solved in the community. We’re confident resolution times won’t be any slower than they currently are.

Will Cloudflare still (officially) use this subreddit?

This subreddit has always been community-moderated, much like the Discord (though unlike the previous Discord server, the community runs the subreddit and holds ownership of it). There are some Cloudflare employees present here, and sometimes you’ll see a response from an executive when a post gets a lot of public attention, but moderation from employees has always been near-zero.

We have no current intentions to remove anyone at Cloudflare from the subreddit - we want to continue collaborating with them to benefit the community, and their integrations for blog posts and things should continue to work without issue.

do Cloudfare think we won't just Task Manager it? Why makes it inconvenient for users?

Long story short, I've had enough of the absolutely abysmal Cloudfare turnstile that every bloody website seem to be using. It has wasted in total hours and hours of my time. What happened to the good old "click car picture" Captchas?

WHY IS LITERALLY EVERY WEBSITE I AM ON USING A F***ING CLOUDFARE CAPTCHA?

Literally every day, I have to go through the sweaty process of switching between different WIFIs and different browsers to get it to work. Most of the times the Captcha won't work on my personal WIFI without VPN, and I LITERALLY have to switch between two different VPNs to have a possibility of it working. And no, I'm not doing resource heavy stuff, nor am I doing shady stuff. I am merely reading blogs, downloading game mods, and searching for info online.

It gets SO TEDIOUS AND ABSOLUTELY DEPRESSING to waste my time on the turnstile for literally tens of minutes every single time I open any of these websites. NONE OF THE TIMES have the captcha completed as fast as the speed advertised by Cloudflare.

WTF do you mean "Verify I am human"? How does clicking a bloody button make me human? They could've at least built a fallback option to use image verification, but NO. They decided to force the captcha to load again and again and again until it completes.

So far, I've tried: using different reputable VPN services, not using VPN, clearing cookies, switching browser, restarting PC, and NONE fixes this problem.

Rant over. I really miss the old days when most of the sites had HCaptcha.

Hey everyone,

I’m looking for some honest opinions on whether my setup is too risky or reasonably safe.

I use a D1 as my main device/server, and I host my own password manager on it (self-built). I also run my TOTP/2FA codes on there. On top of that, pretty much all the company infrastructure I manage is behind Cloudflare.

The thing is: a lot of critical stuff depends on this single setup. I trust the hardware and I monitor things, but I’m wondering if I’m being overconfident.

Would you consider this setup “trusted” enough for important infrastructure, or am I creating a single point of failure? Also, should I still be making regular backups (encrypted exports, offsite backups, spare device, etc.) even if everything seems stable?

Curious how others here handle this kind of setup.

I am a newbee and thank you first! So I live in a country where YouTube and such socialmedias are blocked, as well as AI (like chatGPT/Gemini). I recently setup Cloudflare Zero Trust and I can use WARP to watch YouTube/Instagram. But it's blocking chatGPT and Gemini, also twitter. I want to understand why it's letting me view YouTube but not twitter and AI chats? My other VPN has no issues. Thank you!

Trying to reach Cloudflare Support regarding unexpected KV charges and honestly getting frustrated with the lack of response.

I misunderstood the KV pricing and thought reads/writes were covered under the $5 paid plan because of the limits page. Later found out KV usage is billed separately. My mistake, but I’m only a small-scale user and suddenly seeing almost $14 in charges was surprising.

What confused me more is that this KV cache setup had already been running for 2–3 months before charges suddenly started appearing around April 29, so I genuinely thought my usage was still within my plan.

I already disabled the KV cache usage and sent a polite request asking for a possible one-time waiver/adjustment.

I know I’m probably just a tiny customer paying under $10/month normally, but I’ve had billing misunderstandings before with Google Cloud and at least got responses from support there. Here, it’s already the invoice due date and I still haven’t received any reply at all.

Has anyone else experienced slow billing support responses from Cloudflare?

https://preview.redd.it/1kdmoidy0y1h1.png?width=930&format=png&auto=webp&s=a5014ef6a9bc72f98d705095e679f9fb4e52b5a5

Maybe I am missing something obvious, but I am also very new to this.

I took on the challenge of learning Linux and docker for fun. I host a small Minecraft server off an Ubuntu server on docker (which works) and ran the CloudFlare Tunnel on the same system on docker.

Maybe I am not understanding Tunneling correctly, but my hope was to have the Tunnel instead of having an open port.
If I leave the 25565 port open, people are able to join via my domain name, seems good. When I turn off my port no one is able to connect (But if they are currently on, they don't disconnect).
So my main question is this: Is there a setting I have to have in 'DNS Management' under 'DNS Records', or a setting in the Tunnel itself to have my port closed but server open?

Having built a web game using Durable Objects, I noticed there was a lot that could be done to make the process easier. A lot of the functionality I had to implement felt like boilerplate, so I made a framework that handles it for you.

I wrote a blog post about it here, and If you’re interested in using it, you can install it from npm.

I’d love to hear what people think! :)

Hey guys. I want to vent about something that’s been bothering me for a while regarding major infrastructure providers, specifically Cloudflare.

I get why CDNs exist to speed things up and stop DDoS attacks, but the industry is completely ignoring the fact that these services are actively shielding blatant cybercrime operations. If you look at carding websites like patrickstash and dozens of other CVV and dump shops, a shocking number of them are sitting comfortably behind Cloudflare’s proxy servers.

It’s incredibly frustrating from a security standpoint. The whole point of the proxy is to hide the origin server's real IP address. That means security researchers, threat intel people, and victims trying to track down where these illicit sites are physically hosted just hit a brick wall. You can't even send an abuse report to the actual hosting provider because you can't see who they are.

Whenever people bring this up, the companies just pull the excuse that they are merely internet infrastructure. They claim they just route traffic and that kicking a site off their proxy doesn't actually delete it from the internet. But let's be real here. Running a highly illegal, high-profile carding shop without enterprise DDoS protection is pretty much impossible today. By providing this shield, they are directly keeping these sites online and operational.

Trying to report a blatant carding forum to their abuse department is basically a joke. They just forward the complaint to the hidden hosting provider who is probably bulletproof and doesn't care anyway and then wash their hands of it. Unless there is a massive PR disaster or a direct court order, the proxy protection stays on.

I know people worry about tech companies acting as the internet police and deciding what is or isn't allowed online. But there has to be a line when a site exists solely for financial fraud and selling stolen credit cards. It’s crazy that the cybersecurity community accepts that tracking down threat actors means having to bypass a legitimate US company's security products first.

Curious what you all think about this. I just don't buy that this is the unavoidable cost of doing business on the internet.

I am completely lost with this UI.

I go into Zero Trust and suddenly the entire sidebar changes. Nothing stays where it was a second ago. I can’t tell if I’ve navigated into a new section, a sub-section, or a parallel universe where all menu items got renamed and rearranged just for fun.

There’s zero sense of orientation. No clear “you are here” indicator, no stable navigation structure just a constantly shifting sidebar that changes depending on what mood the system is in. One minute I’m looking at settings, the next I’m in a completely different layout with different options, and I have no idea how I got there or how to get back.

I only find the right settings by pure accident. I stumble onto them, and then still spend ages trying to retrace my steps like I’m solving a puzzle game designed by chaos.

I am genuinely afraid of clicking anything at this point.

Every interaction feels like it could rearrange the maze of daedalus!?

At this point I’d take a ridiculous 7×7 folder structure over this constantly shifting sidebar.

Is it just me? Am i too dumb for this? Who am I? Wait, am i dreaming?