A couple things to note...
- Ability to cache HTML pages for guests in Cloudflare data centers (much, much faster website for guests)
- Fixed misspelling of Cloudflare in two phrases
- Fixed issue where you wouldn't be able to change API token if your existing API token was invalid
- Added support for Cloudflare Cache Rules
- Removed auto-configuration option for CSS and image proxy caching via Page Rules
- Added support for auto-configuration for CSS and image proxy caching via Cache Rules
If you have Page Rules setup for XenForo CSS and/or image proxy from previous versions of this add-on, you can delete those and add them back as Cache Rules if you want (it's not required, but it will free up some Page Rules for your zone if you use them for other things).
The ability to cache guest pages at the network edge (Cloudflare data centers) is a powerful tool that can make page load time for guests much, much faster in most cases. This only applies to guests (non-logged in users). If you want to do a real-world test, run a GTmetrix test without the feature enabled, then run it with the feature enabled (maybe run it a couple times after it's enabled to make sure the cache is being hit). I've been seeing a 2-5x speed increase for guest pages myself.
Guest page caching allows the HTML of your site to be cached in Cloudflare data centers around the world (close to 300 of them currently). So user's network connection only needs to go as far as the data center closest to them when there is a cache hit vs. being backhauled to your physical server.
Here's an example without guest page caching:
The same XenForo page with guest caching enabled:
If you want to see it live/in action, it's running on this site if you want to click around as a guest to see how it "feels" speed-wise:
IMPORTANT for existing users: The new R2 functions and control of new settings require some new permissions for the API Token you use. You can go to your Cloudflare API Tokens, edit the token you have and add the following permissions:
You should have a total of 14 permissions for your API token at this point. If you don't have 14, you can check what you should have under XF Admin -> Options -> External service providers -> Cloudflare authentication
Account.Account Analytics: Read
Account.Workers R2 Storage: Edit
Zone.Bot Management: Edit
Zone.Cache Rules: Edit
R2 (object storage)
- Fixed issue with compatibility with old versions of PHP.
- Requires PHP 7.0 or higher (just getting too annoying/difficult to maintain backward compatibility with very old versions of PHP on old versions of XenForo).
- New Cloudflare setting: Network error logging
- Bot Fight Mode, Automatic Signed Exchanges (SXGs) & AMP Real URL settings can be used with API tokens now (before you had to use Global API keys to access those settings).
- Added note about changing Worker subdomain.
- New option for country blocking allows blocking to apply to entire site or just registration.
- Make it so XenForo's FsMount class can disable asserts on a per-adapter basis (makes filesystem faster and cuts R2 API calls in half because we don't need to explicitly check if an object exists before we try to get it).
- Changed verbiage reflect Cloudflare's change of "firewall filter rules" to simply "firewall rules".
- Cloudflare API calls that return a server error code (5xx) will transparently retry once before giving up.
- R2 support (yay!)
- R2 requires use of an API token (can't use Global API key, no way around that).
- Internally caching Cloudflare account ID, so we don't need to make API call to get it over and over (account ID normally never changes).
- Internally caching API token ID (required for R2 usage).
- New CLI command to migrate data between two different abstracted filesystems:
php cmd.php dp:migrate-data [--new-to-old] [--processes=PROCESSES] [--start-at-path=START-AT-PATH] [--location=LOCATION] [--path=PATH]
- Can see R2 storage/usage for Cloudflare account as a whole (in footer of R2 admin area).
- Can see recent R2 logs (for individual buckets as well as Cloudflare account-level).
What is R2? R2 is a cloud object storage system. This add-on allows you to store things like avatars and attachments in the cloud rather than your server. The cost to use R2 is extremely reasonable... the first 10GB of storage is free, each GB after 10GB is $0.015 per month. For example, if you had 100GB of attachments and avatars you wanted to store in R2, the cost would would be $1.35 per month.
I've built a CLI tool to migrate data from one file system to another (for example you could go from local storage to R2 with it), however it needs to work within the limitations of XenForo and Flysystem. Which means, if you need to move more than a few GB worth of files, you are going to be better off using a free utility like rclone to do it.
This adds some functionality to Cloudflare's Turnstile captcha option added to XenForo 2.2.12.
IMPORTANT for existing users: The new Turnstile functions require a new permission for the API Token you use. You can go to your Cloudflare API Tokens, edit the token you have and add the
One-click Turnstile site creation
You can automatically set up Turnstile for your site without going to Cloudflare's site with a "Setup in Cloudflare" button:
Buttons for direct links to Settings and Analytics
Once Turnstile is setup for your site, you will get new
Analyticsbuttons that give you direct links to manage/report on your Turnstile site within Cloudflare.
- Give human-readable error when the domain/zone does not exist on Cloudflare account when trying to work with it.
- Removed stray variable in a tooltip
- Fixed issue where setting values considered "good" when disabled would show the opposite value for their setting (things like
Rocket Loaderwhich are considered "good" when disabled)
Not particularly keen on putting out a followup release so quick, however there is an issue where the Cloudflare Worker for unfurl proxying would not have it's route enabled (and wouldn't work since there was no route).
- Support for new Cloudflare setting:
Network -> HTTP/2 to Origin
- Fixed an issue where the Cloudflare Worker for unfurl proxying would not have it's route enabled
If you've already enabled the unfurl proxy, all you need to do to enable the route on Cloudflare's side is simple look at the proxy options page at
admin.php?cloudflare/proxy. The act of viewing that page does a sanity check for the Workers to make sure they have a valid route, and if one doesn't, it enables the default route.
The option to
Force registration challengeadded in version 1.1.1 has been extended to optionally apply to the contact form as well. If you already created the managed challenge for registrations you can click the option again to toggle on/off the contact form option (it will update the existing rule).
Using Cloudflare Workers as an image proxy was added in version 1.1.0. Now you can also use Cloudflare Workers as an unfurl proxy to further hide the origin server's IP address.
IMPORTANT for existing users: The new solve rate metric requires a new permission for the API Token you use. You can go to your Cloudflare API Tokens, edit the token you have and add the
- New User registration option: Registration form is an overlay
- Added ability to auto-configure Cloudflare firewall filter rule to force new registrations to go through managed challenge (helps mitigate automated spam registrations)
- Adds 24 solve rate metrics for firewall filter rules (needs new "Zone.Analytics: Read" permission)
IMPORTANT for existing users: The setup of the Cloudflare Workers image proxy system requires a new permission for the API Token you use, you can go to your Cloudflare API Tokens, edit the token you have and add the
- Ability to use a Cloudflare Worker as a backend image proxy to hide the origin server's IP address when XenForo's image proxy fetches the image
- Some minor cosmetic tweaks to Cloudflare lists of things in admin area
Account.Workers Scripts: Editpermission.
This gives you an easy/fast/reliable/free way to hide your server's origin IP from someone trying to get it for malicious purposes.