🤕 clumsy.dev 🚀

🚀 hello 🚀

TocToc:

stuff
cache and cdn things
- cache rules
image things
ai things
workers things
cloudflare for saas / ssl for saas
r2 things
waf things
- api gateway / shield
- challenges
ruleset engine
data localization suite / dls
zero trust
- cloudflare access
- data loss prevention / zero trust policies test

expect that things listed here are breaking constantly, do not work as I said they would or just explode 🧨

stuff

obfuscated email - plain email address
header modification - removed cf-connecting-ip; added abc
cname setup, ssl for saas
waiting room
httpbin
regional services: tls decryption in U.S. only - tls decryption in EU only
bulk redirects
websocket echo server, visit /.ws
IPv4 only endpoint | IPv6 only endpoint
your ipv4 | your ipv6

cache and cdn things

cache rules

bypass cache with a query string:

this should always return DYNAMIC

curl -sI -X GET "https://clumsy.dev/caching/cache1.jpg?v=1" | grep cf-cache-status

ignore cache-control header, cache regardless using a cache rule when a specific user-agent is being used. Should always be a HIT:

curl -sI -X GET -A "cacheme" https://clumsy.dev/caching/cache2.jpg | grep -E 'cf-cache-status|cache-control'

without the user-agent it's not cached:

curl -sI -X GET https://clumsy.dev/caching/cache2.jpg | grep -E 'cf-cache-status|cache-control'

image things

polish images (lossy)
image resizing examples - mirage version (disable cache and enable slow 3g in chrome, use mobile device)
crop & trim
some video stream or some here
image delivery 1 image delivery 2 - browse the page from a desktop, tablet and/or mobile device, different image versions will automatically be served

ai things

workers things

cloudflare for saas / ssl for saas

access custom metadata with Workers, look for x-customer-id | github example worker

cache:

workers cache api and other things

kv:

something from KV

durable objects:

durable objects counter

r2 things

waf things

trigger WAF
block EU
rate limiting, open this page and reload a few times repeatedly
custom response based on user agent - open this site in a desktop browser and try curl

curl https://clumsy.dev/custom-response

api gateway / shield

challenges

ruleset engine

origin rules:

override origin port (in this example :9443)

data localization suite / dls

zero trust

cloudflare access

app launcher - logout
access block
isolated browser
start isolated browser
login via sso required
wiki, behind access
warp as an authentication method | get authenticated username/email
access behind a worker - you can also access me through curl with a service-token like so:

curl -s -H "CF-Access-Client-Id: $stCliWorkerAccess" -H "CF-Access-Client-Secret: $stCliWorkerSecret" https://cli-access.clumsy.dev/

validate JWT token - with header information, can also be accessed via curl with a service-token

curl -s -H "CF-Access-Client-Id: $stCliWorkerAccess" -H "CF-Access-Client-Secret: $stCliWorkerSecret" https://jwt.clumsy.dev/

data loss prevention / zero trust policies test

the following require some zero trust policies configured in your account to work.

all sorts of dlp / data loss prevention tests are here, also tenant control and more stuff in the feature as well
- submit a credit card number in here - open this in browser isolation with DLP enabled, and submit something like 4242424242424242
- upload a pdf here - open this in browser isolation and try uploading a pdf
- tenant control - this can only be accessed with a special header pair
- device posture - you need to be connected to warp to access this

stuff #

cache and cdn things #

cache rules #

image things #

ai things #

workers things #

cloudflare for saas / ssl for saas #

r2 things #

waf things #

api gateway / shield #

challenges #

ruleset engine #

data localization suite / dls #

zero trust #

cloudflare access #

data loss prevention / zero trust policies test #