greenchicken
Active member
bot fight mode plan the next one up from free
really like the rule to block the register button for the manual persistent spammers.
Honestly, I've had more problems with WAF than I think it's worth (at least if you are using XenForo). WAF is more for situations where a website wasn't particularly built with security in mind. It's looking for HTTP requests that might look malicious because of what's in the payload (something that looks like a SQL query might be a SQL injection, something that looks like it might contain JavaScript might be a JavaScript injection attempt, etc.). XenForo is very solid as far as security goes (things like SQL and JavaScript injections aren't a thing). So at the end of the day, all you are really doing with WAF applied to a XenForo site is messing up your ability to edit templates or post with [code] blocks containing certain things.
E.g., all 162 errors in the error log within the last 90 mins coming from this add-on ...
I regularly - e.g. daily, sometimes several times a day - get these errors, and it appears that one instance generates 3 error log entries. So when it occurs several times over a few mins, then you get double (or even triple) digit error log entries.
The issue isn’t a timeout or anything, rather a general network connection issue on the server. It’s an unexpected disconnect of the client (the client being the server). It’s what would happen if you physically unplugged the server’s Ethernet cable and plugged it back in.
:~$ mtr -rwzbc100 6cba001c6e66f6a2962585edfe412c3f.r2.cloudflarestorage.com
Start: 2023-03-24T08:54:18+1100
HOST: <redacted> Loss% Snt Last Avg Best Wrst StDev
1. AS63949 2600:3c0f:16::5 0.0% 100 0.5 0.8 0.5 9.7 1.2
2. AS63949 2600:3c0f:16:35::2 0.0% 100 0.7 0.6 0.5 0.8 0.1
3. AS63949 2600:3c0f:16:32::2 0.0% 100 1.6 2.5 0.9 45.8 5.2
4. AS63949 2400:8907:100::102 0.0% 100 0.7 1.1 0.5 20.7 2.3
5. AS??? 13335.syd.equinix.com (2001:de8:6::1:3335:1) 0.0% 100 14.4 5.0 1.1 28.1 6.8
6. AS13335 2400:cb00:26:3:: 0.0% 100 1.2 5.0 0.8 76.0 10.9
7. AS13335 2606:4700::6812:95a 0.0% 100 1.0 1.1 0.8 13.9 1.4
:~$ iostat 1 10
Linux 5.10.0-20-amd64 (<redacted>) 03/24/23 _x86_64_ (1 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
13.35 0.17 2.76 0.10 0.10 83.51
Taking a look over the errors you provided, I wanted to mention the 499 client error I saw in the screenshot. A 499 status code refers to a "client closed request" error. This is a client-side code where the client did not wait long enough for the server to respond. It may be worth reviewing the PHP configuration to determine if there is any room for modification to allow for this.
You can if you'd like, as long as you don't restrict the API token to a single zone/site. For example, I have a single XenForo API token that I use across all my sites.
I'm brand new to Cloudflare and thank you for this add-on. I just set up one site, I want to set up a second site. Do I use the same API Token for all sites?
Indeed... it looks like they slightly changed the URL for setting a Worker subdomain. The URL has been updated for the next version.
For the proxies it says I need to pick a Cloudflare worker sub-domain. Clicking the link sends me to a 404 on Cloudflare. How do I set this up? I think I figured it out, it's called a Worker service now? I just created the service and deployed/saved. Now your add-on detects it.
Those rules are specific to my site... hitting specific URLs on my site continuously over and over to try to generate referrer spam. So those aren't really going to work on other sites unless you have the same problem. And even then, the URLs they are hitting are going to be different (since it's a different site).
On your screenshots you have Firewall rules for bots and spiders. How do I set that up to match yours, if that is something recommended?
Those were just made up for the purpose of the screenshot. Looks more interesting when the rules aren't empty. hah I don't have any user agent blocking actually in production myself.
Same with the User agents for bad actor bot.
There's really nothing special you need to do as far as backend or server config. I'd just setup Cloudflare to be your DNS provider as a first step (even if you don't use Cloudflare's services beyond that, they are in my opinion the fastest and most reliable DNS provider, so...). At that point you can just toggle on/off if you want traffic routed through Cloudflare or direct to your server. You don't need to do anything special as far as getting the true IPs or anything (if your web server isn't doing it automatically, XenForo does it for you automatically without needing to enable or do anything).
It's probably a lot easier than you are thinking in your mind (basically just make them your DNS provider... done.)
My advice is just to start slow... there's no reason you need to "enable all the things" all at once. You'll just make your head spin. Just get them set up as your DNS provider, and go from there.
Thank you.. yeah I was reading through all the posts and all the options and it was going way over my head.. a little overwhelming - so I am sure I've been overthinking the entire idea of using Cloudflare. I've just heard they are great against denial of service attacks and general hacking, so really wanted to give our community that level of protection... I will take your advice and see how it goes. Appreciate the feedback.
Cloudflare said:if the server responds with a 499, it's because the client has disconnected. how that client is disconnecting is another thing.
to my knowledge, yes it is possible when you have multiple hops involved.
in a client a <> client b <> origin sort of setup
client a may still be connected to client b however client b is no longer connected to the origin
generally happens when the timeouts are not correct overlapping and you have a short timeout somewhere in the chain but the others are longer and still connecting.
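As an added illustration of the multi-hop timeout mismatch described in that reply (this is example code written for this thread, not code from the add-on or from Cloudflare): a tiny origin server and a forwarding hop on localhost, where the hop's upstream timeout is shorter than the origin's work time, so by the time the origin is ready to answer its client has already hung up, which nginx would log as a 499. The hop names, timeouts and work times are constructed values.

```python
import socket
import threading
import time
from queue import Queue


def run_origin(listener, work_seconds, log):
    """Origin: accepts one request, 'works' for work_seconds, then checks
    whether the client is still connected before answering."""
    conn, _ = listener.accept()
    with conn:
        conn.recv(1024)                      # read the request
        time.sleep(work_seconds)             # slow backend work (constructed)
        conn.setblocking(False)
        try:
            # A FIN from the peer shows up as an empty read; a reset as an error.
            peer_closed = conn.recv(1) == b""
        except BlockingIOError:
            peer_closed = False              # nothing to read: client still waiting
        except ConnectionResetError:
            peer_closed = True
        if peer_closed:
            log.put(499)                     # "client closed request", as nginx logs it
        else:
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok")
            log.put(200)


def proxy_fetch(addr, upstream_timeout):
    """Hop B: forwards to the origin with its own (possibly too short) timeout."""
    with socket.create_connection(addr, timeout=upstream_timeout) as s:
        s.sendall(b"GET / HTTP/1.1\r\nHost: origin\r\n\r\n")
        try:
            return s.recv(1024).split(b" ")[1].decode()   # status code from the reply
        except socket.timeout:
            return "504"   # B gives up; leaving the block closes the socket -> origin sees FIN


def simulate(work_seconds, upstream_timeout):
    """Returns (status hop B reports upstream, status the origin logged)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))          # ephemeral port, offline
    listener.listen(1)
    log = Queue()
    t = threading.Thread(target=run_origin, args=(listener, work_seconds, log))
    t.start()
    proxy_status = proxy_fetch(listener.getsockname(), upstream_timeout)
    t.join()
    listener.close()
    return proxy_status, log.get()
```

`simulate(0.3, 0.1)` reproduces the chain problem (hop B reports 504 while the origin logs 499); `simulate(0.05, 1.0)` shows the same chain with timeouts that overlap correctly.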