Cloudflare optimizations for XenForo

Mike Fara

Active member
I haven't used Cloudflare for caching in a long time but there are some downsides that I remember, I assume they are still the case?
There are downsides if it is not configured properly or if you try to guest cache the whole site. Generally speaking, there is not much of a pronounced downside at this point in time.
You need to use Cloudflare as your domain's DNS provider so they can update the IP address automatically, correct?
This is correct. You have to move your nameservers to Cloudflare.
If you ever need to move away from their service for any reason, you will have some downtime associated with DNS caches and moving it to another provider/IP?
Yes, you have to change your DNS A record back to the original server IP. If you are still at the same host, however, it may just be a matter of changing the nameservers back to whatever they were, assuming new DNS entries weren't added. It is easier to export/import DNS tables these days, though.
There is also the issue that Cloudflare has had outages so you are adding another layer of complexity and a point of failure into the mix. I'm assuming all of these are still correct?
There are now occasionally one or two datacenters that go down, but Cloudflare as a whole has not gone down in a long time. I'm not sure how long it's been since the last major outage. Typically what happens now is similar to when parts of AWS, Google Cloud, or Azure go down, and they reroute the traffic to a different node.
 

greenchicken

Active member
It takes about an hour to transfer from GoDaddy.
1st you have to unlock your account, and to do that your personal WHOIS info instantly goes on ICANN.
While waiting for that, go ahead and click I want to transfer to a new registrar.
Get your code to transfer, but you may as well wait 15 mins or so after it hits your email to even attempt.
Take that code over to CF and click the transfer to CF link. If your domain is still locked, which will probably be the case, right click on the greyed out link to get a more accurate status. It will eventually ask for your code (50 or 55 mins to do the whole process). Now this is the most important part if you want a fast transfer: go here and follow the instructions.
You are looking for outgoing transfers. Approve the transfer and you will be on CF a couple minutes later with totally private ICANN records.
GoDaddy is an early 2k's style clunky website. One website with privacy on GoDaddy cost 30.16; 1 site with the same at CF was 9.15 and Expires: October 9, 2024, so CF is a deal.
 

digitalpoint

Well-known member
I haven't used Cloudflare for caching in a long time but there are some downsides that I remember, I assume they are still the case?
Not sure what "they" are. If you tell me what you think the downsides are, I can tell you if they are still the case. :)

You need to use Cloudflare as your domain's DNS provider so they can update the IP address automatically, correct?
Correct... If you want Cloudflare to proxy/CDN your traffic, they would need to handle your DNS.

If you ever need to move away from their service for any reason, you will have some downtime associated with DNS caches and moving it to another provider/IP?
No, as long as you set up DNS on the new provider before you change the name servers for the domain. You can change DNS providers transparently if you do it properly.

There is also the issue that Cloudflare has had outages so you are adding another layer of complexity and a point of failure into the mix. I'm assuming all of these are still correct?
Yep, like anything with the Internet, the best you can do is use providers/networks/hosting companies, etc. that are the most tolerant of failures. If any provider has a single fiber connection to the Internet and that cable is severed, it's a bad day if they don't have redundant/backup network routes in place. Cloudflare is no different than anything else... every major website/app/service has had an unplanned outage before... the measure is how long before things went back to normal. I remember when Gmail went down for a couple days.

If you are wary of Cloudflare, don't use them. There's nothing that any site is doing that requires Cloudflare. 🤷🏻‍♂️
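The pre-switch check implied by "set up DNS on the new provider before you change the name servers", as an added example that is not part of the original posts: it diffs a zone export from the current provider against the zone built at the new one, ignoring TTLs and NS/SOA. The zone contents, hostnames and addresses are constructed sample data, and the one-record-per-line export format is an assumption.

```python
# Added example: preflight diff of two DNS zone exports before a nameserver change.
# Both zones are constructed sample data (documentation names and addresses).
OLD_ZONE = """\
example.com.      300 IN A     192.0.2.10
www.example.com.  300 IN CNAME example.com.
example.com.      300 IN MX    10 mail.example.com.
mail.example.com. 300 IN A     192.0.2.25
example.com.      300 IN TXT   "v=spf1 mx -all"
example.com.      300 IN NS    ns1.old-provider.example.
"""
NEW_ZONE = """\
example.com.      3600 IN A     192.0.2.10
WWW.example.com.  3600 IN CNAME example.com.
example.com.      3600 IN MX    10 mail.example.com.
mail.example.com. 3600 IN A     192.0.2.52
example.com.      3600 IN NS    ns1.new-provider.example.
"""

def parse_zone(text):
    """Return {(name, type): set(rdata)} from 'name ttl IN type rdata' lines."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";$":  # skip blanks, comments, $ORIGIN/$TTL
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        rtype = rtype.upper()
        if rtype in ("NS", "SOA"):  # provider-specific, expected to differ
            continue
        if rtype != "TXT":  # hostnames are case-insensitive, TXT data is not
            rdata = rdata.lower()
        records.setdefault((name.lower(), rtype), set()).add(rdata)
    return records

def preflight(old_text, new_text):
    """List records the new zone lacks or answers differently (TTL ignored)."""
    old, new = parse_zone(old_text), parse_zone(new_text)
    problems = []
    for key in sorted(old):
        name, rtype = key
        if key not in new:
            problems.append(f"MISSING  {name} {rtype} {sorted(old[key])}")
        elif old[key] != new[key]:
            problems.append(f"MISMATCH {name} {rtype} old={sorted(old[key])} new={sorted(new[key])}")
    return problems

if __name__ == "__main__":
    for problem in preflight(OLD_ZONE, NEW_ZONE):
        print(problem)
```

An empty result means every record served today is also present, with the same data, at the new provider, so the nameserver change itself should not change any answers.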
 

ekool

Active member
Thanks for the info guys. I had a DDOS mitigator one time that forced us to change the DNS to them. Once we were done needing the service they made moving away very painful and with a lot of downtime because they refused to point A records to our IPs during the transition... I guess that's why I've been wary to give anything like that a go again with anyone else. This was quite a few years back.

Edit: Does XenForo need any tweaking anymore? There was some info about changing X-Addr-IP or stuff like that headers in Apache or Nginx, but I'm pretty sure that was old VB stuff? Something so the real user's IP shows up in the logs and who's online, not Cloudflare's.
 

digitalpoint

Well-known member
Well that's weird since you control the DNS and A records. I've never seen a case where I tried to create an A record in their DNS setup and it refused (unless it was an invalid IP of course). Are you sure it was Cloudflare refusing, and not the DDoS mitigator?
 

ekool

Active member
Well that's weird since you control the DNS and A records. I've never seen a case where I tried to create an A record in their DNS setup and it refused (unless it was an invalid IP of course). Are you sure it was Cloudflare refusing, and not the DDoS mitigator?

No it wasn't Cloudflare, this was the DDOS Mitigator. Just I got burned once way back when so I've been hesitant. Definitely wasn't Cloudflare's fault.
 

digitalpoint

Well-known member
No it wasn't Cloudflare, this was the DDOS Mitigator. Just I got burned once way back when so I've been hesitant. Definitely wasn't Cloudflare's fault.
Well, a shady DDoS mitigation service that happened to use Cloudflare really shouldn't dissuade you from Cloudflare itself if the issue didn't have anything to do with Cloudflare. By that logic, you should avoid the Internet since they used the Internet. :)
 

Tracy Perry

Well-known member
I avoided CloudFlare for years (other than to have them do my DNS)... and recently have jumped in with both feet dealing with them directly and have yet to have an issue. Years ago I ran into a few issues, but that had more to do with my unfamiliarity with their product.
 

digitalpoint

Well-known member
As ChatGPT says, it's recommended to use protocols with strong security measures to protect against such attacks… For example TLS 1.3.

Also, Cloudflare errs on the side of not doing 0-RTT if it might be an issue. See the end of the article where it talks about replay attacks:

 