[DigitalPoint] App for Cloudflare®

[DigitalPoint] App for Cloudflare® 1.8.2

No permission to download
Overview FAQ Updates (51) Reviews (18) History Discussion
Robert9 said:
Everything is new, and I try to understand.
Click to expand...

If you're new to Cloudflare, and don't really understand any of the settings, I'd recommend that you start with the settings that @digitalpoint laid out here:

xenforo.com

Cloudflare optimizations for XenForo

I've had a few people that use my Cloudflare add-on ask me what Cloudflare options/settings are best for XenForo. So rather than repeating myself privately, I'm going to turn this post into a bit of a configuration help document for those that want to read it. Cloudflare is pretty great out of...
xenforo.com xenforo.com

That said, I still wouldn't recommend just blindly changing those settings. I started with this thread, and his add-on, on a site that wouldn't matter much if I broke something...then just went through the settings in his thread, finding them in the add-on, then finding those settings on Cloudflare, and reading as much as I could about what each of those does so that I can get a better understanding of what, exactly, they do. While there are still a few settings that I'm probably not 100% sure about, I do feel like I have a MUCH better understanding of what each one does and I'm fairly confident, now, that I could manage my site on Cloudflare even without this add-on. Even still, the add-on makes it so much easier that it's not very likely I quit using it any time soon.
 
digitalpoint updated [DigitalPoint] App for Cloudflare® with a new update entry:

Fix for Cloudflare changing the option ID for Cloudflare Fonts

  • The Cloudflare Fonts option ID has changed. This addresses that (it's what I get for giving the ability to toggle options that Cloudflare has deemed "beta"... they are subject to change).
  • Added a sanity check so if future option IDs change, it won't throw an error (along with not being able to change them). Instead, that option won't change until the ID is updated.
Click to expand...

Read the rest of this update entry...
 
Question about caching attachment.

I enabled this option:
1698248613946.webp

In Cloudflare, it created this rule:
Code: 
(starts_with(lower(http.request.full_uri), "https://example.com/attachments/"))
...but with out forcing Edge/Browser TTL:

1698248779618.webp

Xenforo adds the no-cache header, so I wonder if this was intended?
 
I do nothing with the settings now. I just had problems with the admin area, so the idea was that maybe, baby, i have something to do here.
If there is nothing to do for the admin area, the mighty people from Xenforo should tell these lame ducks of cloudflare to change their text!
 
Mr. Jinx said:
Question about caching attachment.

I enabled this option:
View attachment 293062

In Cloudflare, it created this rule:
Code: 
(starts_with(lower(http.request.full_uri), "https://example.com/attachments/"))
...but with out forcing Edge/Browser TTL:

View attachment 293063

Xenforo adds the no-cache header, so I wonder if this was intended?
Click to expand...
Is the no-cache header there when you able the option from the addon? It's supposed to change some headers when you enable the option (specifically it changes the Expires and Cache-Control headers). It intentionally does not force the edge caching in the cache rule, rather just make it eligible (able to be cached). Not doing a blanket "cache everything" gives us more control (for example only cache "media" based on the content type).

You can see the logic used in the DigitalPoint\Cloudflare\Listener\AppPubComplete.php file.
 
digitalpoint said:
...I've found that Cloudflare's Zero-Trust Network Access system is more convenient than HTTP AUTH. Same way the addon can lockdown access to the XF admin area, except do it for the whole domain, rather than just admin.php.

It allows you to do different things like have different users accessing it (without everyone sharing a login/password), doesn't require you to reauth all the time, allows you to bypass it if you are on certain IPs, etc. Some of that you can do with HTTP AUTH if you know how, but it's much easier with Cloudflare's Zero-Trust system.
Click to expand...
Any resources with instructions how to set that up? I've been using the CF firewall rules to limit access to particular IP addresses for admin areas on our live site and the entire domain on our test sites. But sometimes I'm in a place where the IP address changes frequently, or I need to give access to a developer. I signed up for the free tier of Zero Trust. However, it's not obvious to me how to set up a user auth for a particular URL? Thanks!
 
When I set mine up, I used two different "apps." One set up the admin area for all adminstrators using the admin URL. But for the install directory, I set it up for admins but then removed all of the email addresses except for my own. I did it all through this Cloudflare addon. I could try to retrace it once I get back to a computer but it was not that hard to do. What was nice is that I'm pretty sure all of the admin users' email addresses copied over automatically. You no longer need IP address restrictions that way, and if you add the email address of an approved users, you could easily add a developer.

One of my favorite things about using this addon is that with all the recent enhancements to Cloudflare and this app, I can set it up so our server is essentially hidden from anyone via the web, as Cloudflare sits between us and the web. I still have a couple of other ports on the server available but they are also locked to specific IP addresses. (I'm still not sure if I should disable fail2ban just yet. But 20 years ago, tools like these didn't exist. Now I can sleep at night, at least for security issues.
 
I am working now for 20+ hours, maybe i should sleep ... but it seems to me that there is a problem:

  • have question with answer as spam check
  • have checked to have a popup for register / contact (from your addon)

Cant register, always get a message, i should insert a value (no name, no thing!)

Next step: no more question, result: I can register
Next step: uncheck your field, result: I can register
Next step: add question again, result: I can register

conclusion: when I use the checkbox for pop, there is something missing, when using the question/answer check
 
dougdirac said:
Any resources with instructions how to set that up? I've been using the CF firewall rules to limit access to particular IP addresses for admin areas on our live site and the entire domain on our test sites. But sometimes I'm in a place where the IP address changes frequently, or I need to give access to a developer. I signed up for the free tier of Zero Trust. However, it's not obvious to me how to set up a user auth for a particular URL? Thanks!
Click to expand...
The addon can set it up for you. Look under the Access section.
 
hehe yeah. i can confirm. finally decided to see what it was all about. enabled access from cloudflare backend. and then pressed the button in addon backend. and it was all done automatically.
 
Is there any good reason to upgrade to the next level?
I have done nothing until now. Just registered some urls, changed dns, added the add-on, followed the instructions.
Until now, i have no reasons for more rules for example.


The count of visitors is much higher than with google.

Example:
Google says 8000 uniques, 10.000 sessions in 24 hours
Cloudflare says 16.000 visitors in 24 hours.
 
Last edited:
I set now hotlink protection, it shows now protected pictures, but I have no information who tries to download it.
A phone or a website? A phone maybe is ok, a website who includes my picture is not ok.
But what can I do without that?

I have searched the forum for #/data/attachments/# with the post content find, but it seems, i dont have any hot linked pictures from my own server.
 
digitalpoint said:
The addon can set it up for you. Look under the Access section.
Click to expand...
Thanks! The applications set up by your addon helped me figure it out. Any particular reason to have separate applications for install and admin.php? Is there a downside to putting both domains under a single application?
 
dougdirac said:
Thanks! The applications set up by your addon helped me figure it out. Any particular reason to have separate applications for install and admin.php? Is there a downside to putting both domains under a single application?
Click to expand...
No reason other than Zero Trust applications are defined by the URL. So you can't have a single application because the URLs are different for admin and install. If you could... ya, it would make sense to make them a single "application".

There also might be cases where you want all admins to be able to access the normal admin area, but only certain admins to access the install URL.
 
digitalpoint said:
No reason other than Zero Trust applications are defined by the URL. So you can't have a single application because the URLs are different for admin and install. If you could... ya, it would make sense to make them a single "application".
Click to expand...
In my playing around, it seems you are able to add up to five "domains" per application.
zero-trust.webp
I found this when setting up an application for my test sites. I'd click "Add domain" to include each of my test site subdomains, but then I learned you can use wildcards.
developers.cloudflare.com

Application paths · Cloudflare Zero Trust docs

Application paths define the URLs protected by an Access policy. When adding a self-hosted web application to Access, you can choose to protect the …
developers.cloudflare.com
So I think you could include both URLs as different "domains" in the same "application". Of course the use of the word "domain" here is a bit confusing.

digitalpoint said:
There also might be cases where you want all admins to be able to access the normal admin area, but only certain admins to access the install URL.
Click to expand...
True.
 
dougdirac said:
In my playing around, it seems you are able to add up to five "domains" per application.
View attachment 293135
I found this when setting up an application for my test sites. I'd click "Add domain" to include each of my test site subdomains, but then I learned you can use wildcards.
developers.cloudflare.com

Application paths · Cloudflare Zero Trust docs

Application paths define the URLs protected by an Access policy. When adding a self-hosted web application to Access, you can choose to protect the …
developers.cloudflare.com
So I think you could include both URLs as different "domains" in the same "application". Of course the use of the word "domain" here is a bit confusing.


True.
Click to expand...
Ya you definitely can. The addon just does it as two different because of the reasons I said… allows you to differentiate between “normal” admins and specific admins that can do installs.
 
Thanks. Is there a DB query I can use to replace the API token in Setup > Options > Cloudflare in the admin cp?

That would make my life easier when setting up test sites.

Much appreciated!
 
There’s more going on than just inserting the token to the options table. It’s doing a couple backend API calls when you set it to get some info it needs like account ID and zone ID. So programmatic insertion of tokens isn’t going to work as expected unless you also are going to do the “extra stuff” as well.
 
You must log in or register to reply here.

Similar threads

N
[DigitalPoint] App for Cloudflare® - FRENCH translation
Replies
8
Views
845
Ozzy47
Ozzy47
digitalpoint
App for Cloudflare (appforcf.com)
Replies
12
Views
1K
securedme
securedme
Top Bottom