it's true that our traffic is now being served through cloudflare. this also seems to be the case for hikari3 and wapchan, and presumably some other imageboards too.
I understand the concern about the infamous cloudflare captcha and other annoying access restrictions, but we're using a very minimal subset of cloudflare's features right now which shouldn't include any of that. really, I'm just making use of their reverse proxying (a nice way to reduce attack vectors for the site by concealing our IP), and their caching, which reduces the site's operating costs and ideally actually speeds up load times for users.
I don't have any of the "verify that you're human" captcha stuff enabled, or blanket rules that deny traffic from VPNs or other countries. if you run into something like that, you should mention it here on /meta/, as it probably wasn't intentional!
of course, the load times and operating costs of the site right now, without cloudflare, would be no issue. but given that cloudflare is large enough to give these services out for free (!), it's hard not to see it as an easy way to bolster the site's infrastructure. I'd like the site to be sturdy enough to gracefully handle a sudden increase in traffic and/or attention from bad actors. that way we can try to grow the site without worrying about being caught with our pants down! (。・ω・)b
>Don't serve marzichan.onion .
I have no plan to block read access for tor users, but the tor exit node list has been blocked from posting for many months now; that's not something new with our use of cloudflare. this has been really effective in slowing down raids and other ban evasion; I've seen active raids crawl to a halt because attackers start struggling to find IPs that haven't been blocked yet.
>to protect us from AI robots
like I said above, I don't have anything turned on to prevent this currently - just the basic robots.txt protocol that badly-behaved bots will ignore anyway. but lots of small sites really have found their servers slowing to a crawl or suddenly having much higher bandwidth bills because of AI scraping bots executing what is essentially just a DDoS attack.
if this ever became an issue for us, I'd be more likely to deploy something like anubis than to use cloudflare's features, but my point is that it's not like this threat doesn't exist, so I don't think it's silly to keep in mind as a possibility.