[DigitalPoint] App for Cloudflare®

[DigitalPoint] App for Cloudflare® 1.5.7

No permission to download
  • Made some minor changes to the logic of when to serve cached pages or not (Guest page caching)
  • If a session is empty (like when a user logs out), go ahead and fully expunge it
  • Made some changes to R2 adapter so it could be configured for extra directories via config.php
  • Added some code to work around XenForo not updating CSRF token in URLs (this bug report)

This version has a fix for Cache Rule management when the zone/domain didn't have an existing ruleset in place for the entrypoint phase (a Cloudflare thing).

...basically for accounts that have never looked at or touched Cache Rules in their Cloudflare accounts before.
  • Like
Reactions: thumped
  • Ability to cache HTML pages for guests in Cloudflare data centers (much, much faster website for guests)
  • Fixed misspelling of Cloudflare in two phrases
  • Fixed issue where you wouldn't be able to change API token if your existing API token was invalid
  • Added support for Cloudflare Cache Rules
  • Removed auto-configuration option for CSS and image proxy caching via Page Rules
  • Added support for auto-configuration for CSS and image proxy caching via Cache Rules
A couple things to note...

If you have Page Rules setup for XenForo CSS and/or image proxy from previous versions of this add-on, you can delete those and add them back as Cache Rules if you want (it's not required, but it will free up some Page Rules for your zone if you use them for other things).

The ability to cache guest pages at the network edge (Cloudflare data centers) is a powerful tool that can make page load time for guests much, much faster in most cases. This only applies to guests (non-logged in users). If you want to do a real-world test, run a GTmetrix test without the feature enabled, then run it with the feature enabled (maybe run it a couple times after it's enabled to make sure the cache is being hit). I've been seeing a 2-5x speed increase for guest pages myself.

Guest page caching allows the HTML of your site to be cached in Cloudflare data centers around the world (close to 300 of them currently). So user's network connection only needs to go as far as the data center closest to them when there is a cache hit vs. being backhauled to your physical server.

Here's an example without guest page caching:


The same XenForo page with guest caching enabled:


If you want to see it live/in action, it's running on this site if you want to click around as a guest to see how it "feels" speed-wise:

IMPORTANT for existing users: The new R2 functions and control of new settings require some new permissions for the API Token you use. You can go to your Cloudflare API Tokens, edit the token you have and add the following permissions:
  • Account.Account Analytics: Read
  • Account.Workers R2 Storage: Edit
  • Zone.Bot Management: Edit
  • Zone.Cache Rules: Edit
You should have a total of 14 permissions for your API token at this point. If you don't have 14, you can check what you should have under XF Admin -> Options -> External service providers -> Cloudflare authentication

  • Fixed issue with compatibility with old versions of PHP.
  • Requires PHP 7.0 or higher (just getting too annoying/difficult to maintain backward compatibility with very old versions of PHP on old versions of XenForo).
  • New Cloudflare setting: Network error logging
  • Bot Fight Mode, Automatic Signed Exchanges (SXGs) & AMP Real URL settings can be used with API tokens now (before you had to use Global API keys to access those settings).
  • Added note about changing Worker subdomain.
  • New option for country blocking allows blocking to apply to entire site or just registration.
  • Make it so XenForo's FsMount class can disable asserts on a per-adapter basis (makes filesystem faster and cuts R2 API calls in half because we don't need to explicitly check if an object exists before we try to get it).
  • Changed verbiage reflect Cloudflare's change of "firewall filter rules" to simply "firewall rules".
  • Cloudflare API calls that return a server error code (5xx) will transparently retry once before giving up.
R2 (object storage)
  • R2 support (yay!)
  • R2 requires use of an API token (can't use Global API key, no way around that).
  • Internally caching Cloudflare account ID, so we don't need to make API call to get it over and over (account ID normally never changes).
  • Internally caching API token ID (required for R2 usage).
  • New CLI command to migrate data between two different abstracted filesystems: php cmd.php dp:migrate-data [--new-to-old] [--processes=PROCESSES] [--start-at-path=START-AT-PATH] [--location=LOCATION] [--path=PATH]
  • Can see R2 storage/usage for Cloudflare account as a whole (in footer of R2 admin area).
  • Can see recent R2 logs (for individual buckets as well as Cloudflare account-level).

What is R2? R2 is a cloud object storage system. This add-on allows you to store things like avatars and attachments in the cloud rather than your server. The cost to use R2 is extremely reasonable... the first 10GB of storage is free, each GB after 10GB is $0.015 per month. For example, if you had 100GB of attachments and avatars you wanted to store in R2, the cost would would be $1.35 per month.

I've built a CLI tool to migrate data from one file system to another (for example you could go from local storage to R2 with it), however it needs to work within the limitations of XenForo and Flysystem. Which means, if you need to move more than a few GB worth of files, you are going to be better off using a free utility like rclone to do it.
This adds some functionality to Cloudflare's Turnstile captcha option added to XenForo 2.2.12.

IMPORTANT for existing users: The new Turnstile functions require a new permission for the API Token you use. You can go to your Cloudflare API Tokens, edit the token you have and add the Account.Turnstile: Edit permission.

One-click Turnstile site creation

You can automatically set up Turnstile for your site without going to Cloudflare's site with a "Setup in Cloudflare" button:



Buttons for direct links to Settings and Analytics

Once Turnstile is setup for your site, you will get new Settings and Analytics buttons that give you direct links to manage/report on your Turnstile site within Cloudflare.

Minor update...
  • Give human-readable error when the domain/zone does not exist on Cloudflare account when trying to work with it.
  • Like
Reactions: eva2000
  • Handling of Access policy creation when some admins have no email address.
  • Better handling of favicons when using unfurl proxy and destination is using relative favicons.
  • Like
Reactions: eva2000
  • Removed stray variable in a tooltip
  • Fixed issue where setting values considered "good" when disabled would show the opposite value for their setting (things like Development Mode and Rocket Loader which are considered "good" when disabled)
  • Support for new Cloudflare setting: Network -> HTTP/2 to Origin
  • Fixed an issue where the Cloudflare Worker for unfurl proxying would not have it's route enabled
Not particularly keen on putting out a followup release so quick, however there is an issue where the Cloudflare Worker for unfurl proxying would not have it's route enabled (and wouldn't work since there was no route).

If you've already enabled the unfurl proxy, all you need to do to enable the route on Cloudflare's side is simple look at the proxy options page at admin.php?cloudflare/proxy. The act of viewing that page does a sanity check for the Workers to make sure they have a valid route, and if one doesn't, it enables the default route.
  • Like
Reactions: eva2000 and thumped
The option to Force registration challenge added in version 1.1.1 has been extended to optionally apply to the contact form as well. If you already created the managed challenge for registrations you can click the option again to toggle on/off the contact form option (it will update the existing rule).


Using Cloudflare Workers as an image proxy was added in version 1.1.0. Now you can also use Cloudflare Workers as an unfurl proxy to further hide the origin server's IP address.

  • Like
Reactions: thumped and eva2000