> 2.8 Limitation on Serving Non-HTML Content
> The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.
So it’s not like they don’t allow it at all. You just need to pay for it.
The point of Cloudflare is that hosting your website for free is a service, and you "pay" for that service in strengthening their network; from their S-1[1]:
> Free customers are an important part of our business. .. Our free customers create scale, serve as efficient brand marketing, and help us attract developers, customers, and potential employees.... In addition, the added scale and diversity of this traffic makes us valuable to a diverse set of global ISPs, improving the breadth and economic terms of our interconnections, bandwidth costs, and co-location expenses.
Your theoretical cost as a free customer is outweighed by the positive effects of protecting over 10% of websites on the internet, largely for free. Now, if you run a free video site proxying all your multimedia stream segments to serve pirated movies, or create a site dedicated to user image uploads and quickly balloon to serving hundreds of terabytes a day at the expense of Cloudflare, your value to the network is trumped by how much you're actively costing them in uplink costs and risk exposure.
0: https://community.cloudflare.com/t/the-way-you-handle-bandwi... (they were suspended for proxying over 140TB of a bunch of archive files/binary files over the course of 15 days)
1: https://gist.github.com/judge2020/e49138d588950167b736c630aa...
If there’s a tier to pay for that removes the restriction, then every agent who supports that product should know about it and guide users on why and how to upgrade.
EDIT: There's questions downthread if I've misunderstood ImageBoss's role here. I think ImageBoss was also blocked by CloudFlare recently and separately and is not OP's website.
OP's website (imageboss) looks pretty rad, you can host images and have all sorts of derivative transformations that are done by imageboss and cached for you.
But it's functioning as a CDN (and boasts unlimited transformations, requests and bandwidth, which I think we all know is not actually possible.)
All my tunnels are still running great, for free. I could not be happier.
And that further underlines the need for a grace period, if this really is the best model cloudflare can come up with (presumably it is).
I sure hope your customers read this comment, they should know that you're likely to defraud them, since it's not "nice" of them to want you do what you agree to.
Do they? I'm looking at the docs related to proxy and CDN and I don't see anything.
Where? I've never seen it outside of the fine-print legalese.
There are probably exceptions, but even the most graphically heavy sites have a decent amount of HTML, CSS, and JS content. This is probably due to Google bot not appreciating excessive image use. Marketing folk typically listen very closely to whatever Google dictates.
- Read your terms of service, contractual responsibility and liability for all services. as a leader, youre authoritative and liable for shareholder and corporate risk.
- What you do after the fact is just as important --if not more-- than what you didnt do before. Channel this outrage into action, identify the problem, and countermeasure it to ensure future success.
- Risk is an isotope, do not concentrate it all into one single provider/platform/service or its criticality will prove a detriment to your business. You can mitigate it, accept it, or delegate it, but it cannot be ignored.
- if the product is for free, its likely the roles are reversed. re-evaluate your needs and understand whether youre a consumer, or a product and if this shift in roles aligns appropriately with risk and compliance in your industry. Do not assume the coffee is free.
This is incidentally true of (by)laws too, and it's part of the why behind the familiar adage that it's better to ask forgiveness than permission.
That's partially also the reason why the extremely large players like Google and Facebook have built their own sub-sea fibre lines. Utter madness.
* I've been using various CDN's since the 90's, and I'm currently a Cloudflare Enterprise customer. However, Cloudflare, not without its faults, is still the best option out there.
What type of pricing on enterprise per TB on how bulk usage?
(There's some very good reasons to leave terms a bit vague rather than specified exactly, but then you probably wouldn't expect enforcement in cases that are ambiguous.)
https://almanac.httparchive.org/static/images/2021/page-weig...
This is really a shitty thing from Cloudflare, you cannot shut down an already running business without any notice/grace period.
"all my subdomains that operate as image proxies are banned"
That sounds anywhere from perfectly reasonable to completely shady. Writing a post like this and not providing any additional detail on what you were actually doing to trigger the ToS boot leads me (for one) to believe elaboration on your use case would harm your argument, any sympathizing, etc.
From what I've seen before in many cases Cloudflare uses the "non-html content is disproportionate to html content" ToS clause as a catch-all to boot customers they don't like for one reason or another, are wildly "expensive" from a bandwidth standpoint, etc. As many have pointed out here on HN it doesn't even really fundamentally make sense and most websites, by nature, are going to consume more bandwidth with JS/SVG/PNG/etc vs HTML.
Then the TOS should give examples of common things that trigger use of this policy, for example running an image/video host.
I'd like them to commit to always offering a monetary amount which would satisfy them. Often in business, a migration is a slow and painful process, so simply paying 10c/GB to serve video/images might be preferable.
> 2.8 Limitation on Serving Non-HTML Content
> The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.
1. It doesn’t help that the “percentage” is ambiguous
2. A couple of days warning or suggestion to move to a higher paying plan would be nice instead of just shutting them down.
I’m this case Cloudflare reminds me a quote from Big Lebowski: “You're not wrong Walter, you're just an asshole.”
I know this is not related to the post, but I tried to use workers for a few times, specifically the Cron workers. However it never worked as it should. My Cron was never triggered. And then, when I contacted their support throught the community, theirs mods seemed to basically don't care that Cron workers don't work. I tried and did everything the support mods said to me but nothing worked.
And then, they just stopped answering me.
And more, it wasn't just me. A bunch of people were having the same trouble with Cron workers.
So I don't use workers anymore.
We had issues with ZeroTrust and could get literally ZeroHelp. We were told the ZeroTrust team doesn't monitor the forums (which were where we were told by support to go for help, lol).
You can check the AWS calculator to figure out the pricing based on your average bandwidth. Depending on your use case you may be paying less than a Cloudflare pro account.
Ironically, weren’t these difficulties due to Imageboss being itself blocked by Cloudflare? [1].
[1]: https://www.linkedin.com/posts/igorescobar_cloudflare-just-b...
There were even specialized wordpress plugins to take care of this. You just assigned multiple subdomains to your website and the plugin would round-robin the subdomain each image would come from.
If this is indeed the case, then we are in a gray area, where he did and did not violate cloudflare's rules at the same time.
While the CMS website receive normal visits and serves HTML content, for Cloudflare it's being used mostly to serve images, breaking their ToS. If the customer website was behind Cloudflare and they used their own (sub)domain to serve images they'd probably be fine because that domain would be serving a healthy mix of HTML and media content.
I think both OP and Cloudflare are in the wrong here. OP was using the wrong product for this and Cloudflare didn't give him time to fix the problem, losing a customer in the process.
So the question is which CDN would make sense for fronting that, both technically and, as seen here, wrt ToS. If not cloudflare... who?
---
(Also, if you're into building such experiences, we're looking for a platform engineering owner to help build out our global gpu network!)
I give up on understanding why these things go viral.
To me, it seems that Cloudflare is just another additional abstraction layer / proxy -- between web sites / web apps / SAAS providers -- and the Internet.
There might be benefits from such an arrangement -- such as Cloudflare's ability to block DDoS attacks...
But there also might be drawbacks from such an arrangement -- such as what do if Cloudflare for whatever reason -- blocks/bans/or otherwise limits you?
Opinion: A good website / web app / SAAS -- would be as distributed as possible -- that is, it would use the Internet natively AND it would Cloudflare AND it would use N Cloudflare competitors/proxy services -- ideally all of them -- at the same time!
In other words -- let the user choose their own route to a provider!
Do you want to use Cloudflare?
Great, we have that!
Do you want to use the Internet natively?
Great, we have that!
Do you want to use a competitor to Cloudflare?
Great -- we have that too!
If it is technically impossible to do that with one domain -- then mirror your site/service/SAAS -- to multiple domains.
Let the user decide what they want...
Incidentally, towards that end, I found the following excellent list on GitHub:
https://github.com/anderspitman/awesome-tunneling
(https://news.ycombinator.com/item?id=30443747 -- for related discussion)
It's non-canonical -- but it's probably a step in the right direction...
I know why Cloudflare detractors use this type of intentionally misleading language, but can we maybe say something like "worlds largest _proxy_" that is more accurate?
0: https://community.cloudflare.com/t/statistically-speaking-wh...
Taken to horrible extremes: Slavery has large benefits.
Even if not taken to extremes, we're talking about the same argument that erodes privacy; "We need to take away your freedom so that the terrorists can't groom your children and bomb your daycare centers!".
I can't even begin to steelman an argument like this, it's just poorly reasoned out.
Cloudflare is a "global network built for the cloud" that.... doesn't allow images? Really?
They have partnerships with Backblaze and Wasabi, object storage providers, but wont allow images to be served over their CDN? Really?
They have their own object storage solu--- ohhhhhhh
The point of Cloudflare is that hosting your website for free is a service, and you "pay" for that service in strengthening their network; from their S-1[0]:
> Free customers are an important part of our business. .. Our free customers create scale, serve as efficient brand marketing, and help us attract developers, customers, and potential employees.... In addition, the added scale and diversity of this traffic makes us valuable to a diverse set of global ISPs, improving the breadth and economic terms of our interconnections, bandwidth costs, and co-location expenses.
Your theoretical cost as a free customer is outweighed by the positive effects of protecting over 10% of websites on the internet, largely for free. Now, if you run a free video site proxying all your multimedia stream segments to serve pirated movies, or create a site dedicated to user image uploads and quickly balloon to serving hundreds of terabytes a day at the expense of Cloudflare, your value to the network is trumped by how much you're actively costing them in uplink costs and risk exposure.
0: https://gist.github.com/judge2020/e49138d588950167b736c630aa...
Maybe it is, maybe it isn’t, my point really is that it’s difficult to tell.
