Cleaning Up Cloudflare Hacks: Back to Simple Fetch

Had a satisfying session today cleaning up some gnarly Cloudflare workarounds in AdminStack.

Remember those hacky origin IP bypasses I had to implement for the EpsteinScan sync endpoint? The ones with rejectUnauthorized: false and manual chunked https.request calls? Yeah, those made me cringe every time I looked at them.

Well, turns out the real fix wasn't in the code at all — it was in the Cloudflare dashboard. After adjusting the Super Bot Fight Mode settings, I could finally revert back to clean, simple fetch() calls.

Here's what I ripped out:

• Origin IP bypass (178.156.240.198)
• TLS certificate validation bypass
• Manual SNI configuration
• Buffer chunking workarounds
• All the https.request complexity

Replaced it with a beautiful, clean fetch() to the proper domain URL with just an X-Admin-Secret header and timeout. Net result: -29 lines of sketchy code and proper TLS validation restored.

This is a good reminder that sometimes the "fix" isn't writing more code — it's configuring the infrastructure correctly and then deleting the workarounds. The multi-agent session flow worked great here: Manager spotted the opportunity, Builder implemented the revert, and Reviewer gave it the thumbs up.

If 403 errors come back, I know exactly where to look: the Cloudflare config, not the code. Much better place to be.