We don't have a lot of experience yet with DDOS protection so there might be downtime as we learn that. As you can see in the issue we're working to implement protection before we need it but it might not be ready in time nor can it protect against everything.
For what it's worth Cloudflare does not do anything different for Tor than for regular IPs. Since those are static pages with most likely not exactly questionable content the use of Tor is probably not all that important anyways that the total number of users that might be affected would be miniscule.
A site operator. It isn't censorship for someone to decide who they want to talk to.
CF is simply giving site owners levers to use if they so choose. While I am a strong supporter of Tor, privacy, and anonymity, CF has done nothing wrong here by allowing site operators to selectively choose who they wish to serve to.
Isn't the problem along the line of so many different people using effectively the same IP addresses (exit points) and looking somewhat similar to each other?
I'd imagine if there was a major ISP network out there that was doing NATing or similar for their customers so everyone came from a small set of IP addresses they'd get the same treatment. More users on the same IP means more abuse from that IP. If anything Cloudflare isn't discriminating. To handle Tor users better you'd have to discriminate (technical definition, not the negative form) to handle Tor users better
I'll second this to amplify the message to please not add CloudFlare for all custom domains and if you feel you must add it then at least make it optional.
This would be an absolute showstopper bug which would prevent some of us from using GitLab Pages if it became a requirement. Definitely do not want.
We don't have a lot of experience yet with DDOS protection so there might be downtime as we learn that. As you can see in the issue we're working to implement protection before we need it but it might not be ready in time nor can it protect against everything.