Another example of the broken security space. The security vendor points at the tech-incapable customer. The tech-incapable customer points right back at the security vendor. Wash. Rinse. Repeat. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Johannes Müller Aguilar via NANOG" <nanog@lists.nanog.org> To: nanog@lists.nanog.org Cc: "Johannes Müller Aguilar" <JMuellerAguilar@anexia.com> Sent: Tuesday, July 1, 2025 9:05:16 AM Subject: Captchas on Cloudflare-Proxied Sites Hello, We operate as a cloud service provider, and much of our traffic is indeed—per Cloudflare’s terminology—“bot traffic.” For about a month, users behind IP addresses we announce have been prompted to solve captchas when accessing Cloudflare-proxied sites. When we contacted Cloudflare support, they referred us to their customers (e.g., Stack Overflow, OpenAI), but support from those sites directed us back to Cloudflare. I reviewed Cloudflare Radar but found it limited in actionable insights. We also announce prefixes to Cloudflare where the originating AS primarily serves end-users—and where Radar shows over 80% human traffic—yet users still encounter captchas, suggesting the issue may be related to our announcing AS. Has anyone experienced this or found effective ways to resolve it? Any advice or pointers would be greatly appreciated. Best regards, Johannes _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/NZO6QF5X...