CloudFlare Page Rules
- Thread starter Ntown
- Start date
-
- Tags
- cloudflare
JulianD
Well-known member
I know the following rules are not for everyone but those two are a must for me. Since I host all my files in DigitalOcean Space, when a user request an attachment, the server has to go to the Space bucket, download it and then serve it back to the client. For a lot of my threads, users tend to upload between 10 and 20 images per posts and this would put a pressure to the server that I'm not comfortable with.
So I created this set of rules to fix that problem:
But be warned: any private attachment from private forums and private conversations will be cached as well.
So I created this set of rules to fix that problem:
But be warned: any private attachment from private forums and private conversations will be cached as well.
digitalpoint
Well-known member
Edge caching attachments will cause you to lose some XenForo functionality. Specifically, attachment view counts as well as varying attachment permissions for different user groups (if you have any).
These are the 3 Cloudflare Page Rules I use:
I ended up disabling the styles and js rules because that can be achieved with a properly configured web server. CSS is the only one that is really needed because Cloudflare will not cache a request with a php extension unless you force it to with a page rule.
These are the 3 Cloudflare Page Rules I use:
I ended up disabling the styles and js rules because that can be achieved with a properly configured web server. CSS is the only one that is really needed because Cloudflare will not cache a request with a php extension unless you force it to with a page rule.
arn
Well-known member
arn
Well-known member
Security High in admin might cause you some problems with saving templates.
It's also possible this can become a problem with regular posting if people are posting what looks like code.
digitalpoint
Well-known member
I'd disable that rule personally. For security to Admin area, check out Cloudflare Access (free if you need 5 or less people able to get into it).
digitalpoint
Well-known member
Avatars and thumbnails have file extensions that are cacheable by Cloudflare, so it's not necessary to create specific page rules for them as long as your web server is configured properly.
For Nginx, I use this in the config (which in turn passed through by Cloudflare and causes things to be cached at the edge for a year without needing to use up any of your Cloudflare page rules):
NGINX:
location /data/ {
add_header Cache-Control "public, max-age=31536000";
}
location /js/ {
add_header Cache-Control "public, max-age=31536000";
}
location /styles/ {
add_header Cache-Control "public, max-age=31536000";
}
location /favicon.ico {
add_header Cache-Control "public, max-age=31536000";
}
location ~ \.(svgz)$ {
add_header Content-Encoding "gzip";
add_header Vary "Accept-Encoding";
add_header Cache-Control "public, max-age=31536000";
}You don't think it's important to turn off caching and performance, etc. to Admin?
digitalpoint
Well-known member
Nope... everything that needs to be not cached, XenForo already does it automatically.
Correct. Either you misread my question or I'm confused. (I'm guessing the latter).
digitalpoint
Well-known member
Maybe I’m confused... but either way, no... don’t see a reason for page rules for the admin area. If you use Cloudflare Access (what I was talking about originally), it more or less puts the admin area behind a firewall.
Ahhh, it was my mistake. I misread your response and the last one clears it up.
If Access was free past Sept. 1, I'd absolutely use it. However...
this is a brand new forum and I live in a country not known for spammers (I see very, very few instances of this country code in my CSF logs for trigger LFD DENY). So I just have /admin* set to BLOCK every country but mine. Pretty damned effective for free, don't you think?
Question: do any of you guys know of someone who has an effective way to use 2FA to reach apps? Or everyone just uses Cloudflare Access if they want that?
If Access was free past Sept. 1, I'd absolutely use it. However...
this is a brand new forum and I live in a country not known for spammers (I see very, very few instances of this country code in my CSF logs for trigger LFD DENY). So I just have /admin* set to BLOCK every country but mine. Pretty damned effective for free, don't you think?
Question: do any of you guys know of someone who has an effective way to use 2FA to reach apps? Or everyone just uses Cloudflare Access if they want that?
digitalpoint
Well-known member
I believe Access is free for 5 or less users (even past September 1). Their verbiage is a little confusing about it, but it reads that way to me.
Alpha1
Well-known member
XF config or nginx config?
digitalpoint
Well-known member
That's Nginx config... For me, that's part of the vhost file for the site within
/etc/nginx/vhost.d/sitename.conf.
dethfire
Well-known member
I have witnessed a delay in the avatar changing
Similar threads
