Lack of interest Cloudflare IP list should be dynamically updated

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.

Xon

Well-known member
XF2 has built-in support for Cloudflare, but this is a fixed list of IPs. Cloudflare offers downloadable, machine-parsable IP lists which are published ahead of time before the IPs are used.

Cloudflare IP list as HTML: https://www.cloudflare.com/ips/

IPv4 text: https://www.cloudflare.com/ips-v4
IPv6 text: https://www.cloudflare.com/ips-v6

XF2 already does dynamic code gen by default, so downloading these and converting them to a PHP file would be fairly simple and avoid needing to update XF2 out-of-band when Cloudflare's IP lists change.
 
Generally, I think the idea of moving to a server-side updated list like this is more of a suggestion, so I'm moving that there. It's a very different approach and would significantly change approaches. It's worth noting that you're right we do need to do a small update to the CF IP list and we will in the next release, though it's just the removal of a single IPv6 range; the IPv4 ranges haven't changed and no IPv6 ranges have been added.

As a note, you can manually update the ranges if needed via config.php by updating \XF\Http\Request::$cloudFlareIps.
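The conversion discussed in the two posts above, as an added example (not XenForo's code and not from either poster): it parses the plain-text lists, rejects the whole list on any malformed or over-broad entry, and renders an assignment for config.php. The 'v4'/'v6' array layout, the function names and the minimum prefix lengths are assumptions of this example; check the layout against the `$cloudFlareIps` definition in your XF2 version.

```php
<?php
// Added example. Input format: one CIDR per line, as served at
// https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6.

/** Validate one line; return a normalized "addr/prefix" or null if invalid. */
function parseCidr(string $line, int $family): ?string
{
    if (!preg_match('#^([0-9a-fA-F:.]+)/(\d{1,3})$#', trim($line), $m)) {
        return null;
    }
    $flag = $family === 4 ? FILTER_FLAG_IPV4 : FILTER_FLAG_IPV6;
    if (filter_var($m[1], FILTER_VALIDATE_IP, $flag) === false) {
        return null;
    }
    // Assumed sanity bounds: an over-broad range (e.g. /0) would let any
    // host be treated as a trusted proxy and supply its own client IP.
    $min = $family === 4 ? 8 : 16;
    $max = $family === 4 ? 32 : 128;
    $bits = (int) $m[2];
    return ($bits >= $min && $bits <= $max) ? strtolower($m[1]) . '/' . $bits : null;
}

/** Parse a whole list; fail closed so a bad download never replaces a good list. */
function parseList(string $text, int $family): array
{
    $out = [];
    foreach (preg_split('/\R/', $text, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        $cidr = parseCidr($line, $family);
        if ($cidr === null) {
            throw new UnexpectedValueException('Rejecting list: invalid entry');
        }
        $out[$cidr] = true; // de-duplicate
    }
    if (!$out) {
        throw new UnexpectedValueException('Rejecting list: empty');
    }
    return array_keys($out);
}

/** Render the config.php line (array layout is an assumption, see lead-in). */
function renderConfig(array $v4, array $v6): string
{
    return '\XF\Http\Request::$cloudFlareIps = '
        . var_export(['v4' => $v4, 'v6' => $v6], true) . ";\n";
}

// Constructed sample input (documentation ranges, not Cloudflare's real list).
$v4Text = "192.0.2.0/24\n198.51.100.0/24\n";
$v6Text = "2001:db8::/32\n";
echo renderConfig(parseList($v4Text, 4), parseList($v6Text, 6));
```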
 
Thanks. Hopefully we will see more comprehensive support for Cloudflare in the future. It's blocking a lot of legit users due to how XF works.
 
Hmm, what kind of "Cloudflare Support" exactly would be needed?

As far as I can see, all that this does is reassign the IP to one provided by a Cloudflare header, which IMHO should be done on webserver level anyway (mode_realip/mod_remoteip, etc.)?
 
Here are some of the topics concerned: https://xenforo.com/community/tags/cloudflare/

I have posted various suggestions concerning CloudFlare and am thinking up more to tackle problems with blocked valid users, CloudFlare misidentifying XenForo functions as attacks, and CloudFlare performance & cache functions compatibility.

There is a lot to be done. Simply look at the Wordpress modules in CloudFlare admin panel:
Firewall rules package contains 42 rules to cater to WordPress: https://support.cloudflare.com/hc/en-us/articles/228325187-Hardening-WordPress-Security
Performance: https://support.cloudflare.com/hc/e...47-Speed-Up-WordPress-and-Improve-Performance
Cache settings: https://support.cloudflare.com/hc/en-us/articles/236166048
For XenForo we need different settings. For example Avatar Caching which is a problem currently.
And look at Wordpress plugins: https://wordpress.org/plugins/search/cloudflare/
 
Thanks. Hopefully we will see more comprehensive support for Cloudflare in the future. It's blocking a lot of legit users due to how XF works.
Problem really isn't all XF end, Cloudflare WAF rules have some false positives and some are bugs. On higher Cloudflare plans you can get Cloudflare to write custom WAF rules for your site.

But yes more can be done for Cloudflare + Xenforo usage. Will bring it up with my Cloudflare contacts :)
 
Problem really isn't all XF end, Cloudflare WAF rules have some false positives and some are bugs.
Optimally I would love to see XenForo integration from CloudFlare's side and CloudFlare integration from XenForo's side.
Please do bring it up with your cloudflare contacts.

It would be nice if the XenForo team could work with the CloudFlare team on this.
 