[DigitalPoint] App for Cloudflare®

[DigitalPoint] App for Cloudflare® 1.8.8

No permission to download
xf_job has four entries for this addon all in future. I assume these are for the IPs blocked currently!

Audit Log file also seems to be fine. Only a handful of API entries for today. Likely for the failed attempts at blocking IP during marking a user account as spam. Hopefully this was just a temporary issue at Cloudflare. Would update if it continues to happen!
 
xf_job has four entries for this addon all in future. I assume these are for the IPs blocked currently!

Audit Log file also seems to be fine. Only a handful of API entries for today. Likely for the failed attempts at blocking IP during marking a user account as spam. Hopefully this was just a temporary issue at Cloudflare. Would update if it continues to happen!
Ya, seems normal/as expected. If it pops up again, you might need to open a ticket with Cloudflare for them to dig into what’s happening on their end.

The normal rate limits for API usage are really high… like 50 API calls per second would be just fine. So the only thing I can think of is just something they have set wrong on your account with a sucky rate limit somehow. I haven’t heard anyone else seeing the same issue.
 
Last edited:
Just noticed that on my sites with this addon installed, it's breaking the image proxy and unfurl function:

1670580473055.webp

1670580516909.webp

This is running on multiple different servers and stacks (CentOS7.9 / Rocky8.7), DirectAdmin, cPanel, Centminmod, Litespeed and nginx.
 
I've done a packet capture with this addon disabled using the image proxy:

1670581312421.webp

With the addon enabled, it's not even making it to the network layer:

Code:
# tcpdump -vvv -i eth0 host 51.89.152.65 -n -s 0 -w /root/image.cap
dropped privs to tcpdump
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
Got 0
 
Managed to track it down to having the workers enabled for the image and unfurl.

This might have actually been caused by re-naming the subdomain used for the workers.dev URL. I've disabled and re-enabled them on one of the sites, and it's working now.
 
Yep, that’s exactly what it would be. The subdomain for your Workers is very important and it reads what it is when you enable the proxy features that use it. So yes, changing your subdomain will cause DNS issue on the backend when the one it knows about becomes unresolvable.
 
I wonder if R2 can now be used without modifying the code provided by XenForo developers 🥺
For those already using R2, how exactly are you using it? I assume an S3 compatible abstracted filesystem adapter? And just across the board (all of data and internal-data, each with it's own bucket)?

I've started to put together an automatic configuration system (it's very, very early... definitely not ready at this point) for a future version of this add-on, so I figured now is a good time to get input from people.

First of all, I've come up with a way so each folder inside filesystem prefixes can be on their own adapter. What this means is if you wanted to have internal_data/attachments in R2, internal_data/keys in XenForo data registry (a custom filesystem adapter I made) and everything else in internal_data just in the local file system (things like sitemaps, file_check, etc), you can do that.

1670823092825.webp

...from within XenForo admin, you can create a new bucket (or use an existing one), you can automatically configure a public subdomain (for direct access for /data/ as an example).

1670823183205.webp

I've started building a data-migration cli tool to move data between different abstracted filesystems (for example you could go from a local adapter to R2):

1670823290213.webp

It's a multi-threaded system (defaults to 10 parallel threads, but can be increased if a server has the resources). I haven't made the R2 adapter yet so that's why it doesn't actually show there yet.

Right now the major holdup is Cloudflare has 3 APIs for object management (a Workers based one [which sucks because then there's a per request cost if you do more than 100,000 per day], the S3 emulation API [which I hate because now there's more keys and hashes and other crap to deal with], there's an undocumented REST API, which is what Cloudflare's dashboard uses... I have that working, but it seems they have severe rate limiting on it, so you run into issues real quick if you are trying to move a ton of objects you already have to R2 at once).

Anyway, while I'm sorting that out, now is a good time to chime in about anything R2 related... how you are using it, what you do like, what you don't like, etc.
 
For those already using R2, how exactly are you using it? I assume an S3 compatible abstracted filesystem adapter? And just across the board (all of data and internal-data, each with it's own bucket)?
I'm storing both data / internal_data in the same bucket. I'd not split them out into their own. Each site I'm using it for has their own bucket.

I'm also using the cache API worker in front of it:


So the R2 bucket URL is mapped to the worker.
 
Well data and internal_data aren’t guaranteed to have unique paths within them. So I could see that being problematic if using the same bucket.

Also, data is intended for public access and internal_data is not (if you are using a Worker for just data I suppose you could work around that). But you don’t need a Worker to allow things to be cached if it’s strictly for that (you can simple use the domain access setting and if you don’t like the default cache control [I believe it’s 6 hours by defaulf], you can use a page rule or cache rule to make it whatever you want). You also don’t incur a per request cost for doing more than 100,000 Worker requests per day.

To me it makes more sense to isolate data and internal_data since the permissions are intended to be different and (in theory) you could have path/file and collisions.
 
So the only thing I can think of is just something they have set wrong on your account with a sucky rate limit somehow.
Kind of giving up on this. Sent them a support request and got a reply that free accounts do not get full support but they have checked my account and there is no restrictions on my account. I continue to get the API error 95% of the time I try to access the backend or try to block the ip of a spammer lol.
 
Kind of giving up on this. Sent them a support request and got a reply that free accounts do not get full support but they have checked my account and there is no restrictions on my account. I continue to get the API error 95% of the time I try to access the backend or try to block the ip of a spammer lol.
Maybe try creating a new API key/token and using that one? The API rate limits are 1200 requests per 300 second rolling window. So you should not hit a rate limit unless you are doing more than 4 API requests per second for a sustained period of time (more than 5 minutes).
 
tbh, i can't imagine i would come anywhere close to that. unless r2 is part of that? even then... i run a very low traffic forum!

i switched api token to global api key and that does not seem to have changed anything for now. would keep an eye.

anyways. for r2... i am using the addon xenforo has provided with changes to core code provided here:

 
tbh, i can't imagine i would come anywhere close to that. unless r2 is part of that? even then... i run a very low traffic forum![/URL]
Nope, R2 isn't part of it. That's why I feel like something is somehow wrong with the API token you are using and suggested to delete that one and make a new one.
 
Have the R2 functionality live on iolabs.io. Made my own filesystem adapter that's more efficient than one of the ones that are made for S3.

Since the add-on has an API access token for other things, I've been able to make it really easy for users. You click a button and it asks you for the bucket name you want to use. It will automatically create that bucket, configure public domain access (for "data") and voila! Everything is configured automatically without you needing to muck with S3 authentication or do any config.php editing.

There's also a cli command I built that will migrate data between two adapters (in this case it was the local file system adapter and R2). So everything was moved cleanly automatically.

Going to let it run a bit on iolabs.io to make sure nothing unforeseen comes up, but that's where it's at now.

1670966766107.webp

1670966737518.webp
 
Get this error when i click the Setup in Cloudflare button for Turnstile.

Capture web_17-12-2022_205958_xenforo.fr.webp

  • ErrorException: 10000: Authentication error
  • src/XF/Error.php:77
Code:
#0 src/XF.php(219): XF\Error->logError('10000: Authenti...', false)
#1 src/addons/DigitalPoint/Cloudflare/Template/Callback/Cloudflare.php(32): XF::logError('10000: Authenti...')
#2 src/XF/Template/Templater.php(1696): DigitalPoint\Cloudflare\Template\Callback\Cloudflare::getCreateWidgetButton('', Array, Object(XF\Template\Templater))
#3 internal_data/code_cache/templates/l2/s0/admin/option_template_captcha.php(65): XF\Template\Templater->callback('DigitalPoint\\Cl...', 'getCreateWidget...', '', Array)
#4 src/XF/Template/Templater.php(1652): XF\Template\Templater->{closure}(Object(XF\Template\Templater), Array, NULL)
#5 src/XF/Template/Templater.php(1681): XF\Template\Templater->renderTemplate('option_template...', Array)
#6 internal_data/code_cache/templates/l2/s0/admin/option_macros.php(230): XF\Template\Templater->includeTemplate('admin:option_te...', Array)
#7 src/XF/Template/Templater.php(825): XF\Template\Templater->{closure}(Object(XF\Template\Templater), Array, NULL)
#8 internal_data/code_cache/templates/l2/s0/admin/option_macros.php(501): XF\Template\Templater->callMacro('option_macros', 'option_row', Array, Array)
#9 src/XF/Template/Templater.php(825): XF\Template\Templater->{closure}(Object(XF\Template\Templater), Array, NULL)
#10 internal_data/code_cache/templates/l2/s0/admin/option_list.php(77): XF\Template\Templater->callMacro('option_macros', 'option_form_blo...', Array, Array)
#11 src/XF/Template/Templater.php(1652): XF\Template\Templater->{closure}(Object(XF\Template\Templater), Array, NULL)
#12 src/XF/Template/Template.php(24): XF\Template\Templater->renderTemplate('option_list', Array)
#13 src/XF/Mvc/Renderer/Html.php(50): XF\Template\Template->render()
#14 src/XF/Mvc/Dispatcher.php(460): XF\Mvc\Renderer\Html->renderView('XF:Option\\Listi...', 'admin:option_li...', Array)
#15 src/XF/Mvc/Dispatcher.php(442): XF\Mvc\Dispatcher->renderView(Object(XF\Mvc\Renderer\Html), Object(XF\Mvc\Reply\View))
#16 src/XF/Mvc/Dispatcher.php(402): XF\Mvc\Dispatcher->renderReply(Object(XF\Mvc\Renderer\Html), Object(XF\Mvc\Reply\View))
#17 src/XF/Mvc/Dispatcher.php(60): XF\Mvc\Dispatcher->render(Object(XF\Mvc\Reply\View), 'html')
#18 src/XF/App.php(2483): XF\Mvc\Dispatcher->run()
#19 src/XF.php(524): XF\App->run()
#20 admin.php(13): XF::runApp('XF\\Admin\\App')
#21 {main}
Code:
array(4) {
  ["url"] => string(47) "/admin.php?options/groups/usersAndRegistration/"
  ["referrer"] => string(65) "https://xenforo.fr/admin.php?options/groups/usersAndRegistration/"
  ["_GET"] => array(1) {
    ["options/groups/usersAndRegistration/"] => string(0) ""
  }
  ["_POST"] => array(0) {
  }
}

BTW Turnstile work fine... but i can't see Analytics and Settings buttons
Thanks for your help ! :)
 
You're right, I should have read better before asking the question... I updated the token but I can't test my site is down: ERR_TOO_MANY_REDIRECTS
I activated Cloudflare and 20 minutes later the site is down... DNS ?? DNSSEC ? SSL certificate ? 🤷‍♂️
 
Check to see if your web server is setup to redirect insecure (http) to secure (https). If you have that enabled, and you have Cloudflare setup to make insecure requests to the origin (your server), you might see a loop like that... the connection for end users is secure but the server sees an insecure connection, so it redirects them to the secure connection... which comes back to the server as an insecure connection from Cloudflare.... and again and again (the loop).

The best thing to do is disable the server from doing insecure -> secure redirects, and handle that on Cloudflare's side.
 
Back
Top Bottom