Alpha1
Well-known member
CloudFlare is used by many xenforo sites including xenforo.com
CloudFlare analyses user behavious and blocks suspect behavior or throws up Captcha.
Unfortunately CloudFlare does not have a XenForo module like it has for WordPress. It makes no distinction between members and guests. Nor between new members, ranking members and staff. While a guest has no trust level, ranking members or staff are highly unlikely to carry out an attack.
XenForo functions are easily misinterpreted. For example a user pasting a story from bbc.com can be interpreted as an XSS. jquery, polling, especially for members with spotty connections are easily misinterpreted.
This is a problem because valid users are blocked due to misinterpretation. Some of my users break 30 of CloudFlare's firewall rules at a time strictly by normal xenforo use.
CloudFlare has an API: https://api.cloudflare.com/
This give a lot of possibilities.
What I suggest is a setting / permission to whitelist usergroups for CloudFlare Firewall.
It could be useful to also have a setting per user, but that's probably not vital.
CloudFlare analyses user behavious and blocks suspect behavior or throws up Captcha.
Unfortunately CloudFlare does not have a XenForo module like it has for WordPress. It makes no distinction between members and guests. Nor between new members, ranking members and staff. While a guest has no trust level, ranking members or staff are highly unlikely to carry out an attack.
XenForo functions are easily misinterpreted. For example a user pasting a story from bbc.com can be interpreted as an XSS. jquery, polling, especially for members with spotty connections are easily misinterpreted.
This is a problem because valid users are blocked due to misinterpretation. Some of my users break 30 of CloudFlare's firewall rules at a time strictly by normal xenforo use.
CloudFlare has an API: https://api.cloudflare.com/
This give a lot of possibilities.
What I suggest is a setting / permission to whitelist usergroups for CloudFlare Firewall.
It could be useful to also have a setting per user, but that's probably not vital.
Upvote
4
