The security system

The security system is the system which adds a ?i=1 after the URL.

The knowledgebase said the suffix is unable to be removed, but Cloudflare enablation seem to solve this problem.

Admin also says it will block downloads, but I found, most mordern browsers send cookies when performing a download. This sends the “__test” cookie to the host to bypass the security system.

Then what’s the truth?

P.S. Another question: Are the challange values up to the IP address? Is not good for people who travel outside (as you know, the IP changes frequently on the train).

@yezhiyi said:
The security system is the system which adds a ?i=1 after the URL.

The knowledgebase said the suffix is unable to be removed, but Cloudflare enablation seem to solve this problem.

Yes, it looks like Cloudflare’s IP addresses have been whitelisted in the security check (probably because Cloudflare provides enough security). However, the security system still isn’t fully disabled when using Cloudflare, and you cannot decide to whitelist other IP addresses.

I also cannot guarantee that this behavior will not change in the future. Don’t go building your data service on free hosting and act surprised when it breaks in the future.

@yezhiyi said:
Admin also says it will block downloads, but I found, most mordern browsers send cookies when performing a download. This sends the “__test” cookie to the host to bypass the security system.

It doesn’t block all downloads, it blocks direct downloads.

Some people try to use their free hosting account for file distribution where the file is not downloaded through a browser (like automatically downloading content packs within a video game). That kind of download usage is not supported (or allowed - it’s website hosting after all).

Opening a file link in your browser will still download the file, of course.

@yezhiyi said:
P.S. Another question: Are the challange values up to the IP address? Is not good for people who travel outside (as you know, the IP changes frequently on the train).

It’s just the browser cookie as far as I know. It’s not IP locked because of the obvious issues with dynamic IP addresses.

Thanks.