Old Nick
Well-known member
Hello, I made a translation in French, it is available for free here: https://xenforo.com/community/resources/digitalpoint-cloudflare-french-translation.8863/
Last edited:
No, that's it. If you are getting what you are seeing, my guess is that something is intercepting the request upstream (maybe Cloudflare itself if it's trying to verify you are a human for example).I downloaded a backup, it downloaded as "admin.php" with 0kb of data and 0 lines of data. Is there something that needs to be done specifically to be able to download aside from clicking download?
It'd check theAlso, any advice on a cf rule - I have users with massive tutorial threads and they always need me to update them bc the firewall always gets triggered, having them confirm they are human, but once confirmed, the page gets all screwed up and they aren't able to edit their thread. I'm not good at figuring these things out so if you have any advice, I'd kindly appreciate it.
Security Level
for your Cloudflare zone... if you have the security level higher than is necessary, you'd see both of those things (real humans needing to verify they are human and things like downloads not working because there's something the user needs to do to verify they are human, but the user never sees it).Essentially off
, except when there's an active attack happening, then it's raised as necessary temporarily.I'm whitelisted as well as our server so it's weird if it's trying to verify my downloading it. :/No, that's it. If you are getting what you are seeing, my guess is that something is intercepting the request upstream (maybe Cloudflare itself if it's trying to verify you are a human for example).
Ok, I have mine set to low. I've tried setting up a page rule with:It'd check theSecurity Level
for your Cloudflare zone... if you have the security level higher than is necessary, you'd see both of those things (real humans needing to verify they are human and things like downloads not working because there's something the user needs to do to verify they are human, but the user never sees it).
Your best option with the zone's Security Level is to set it to the lowest option, and then raise it as needed (if you need it). Working the other way around (setting it higher than necessary) will cause unnecessary problems. As an example, all my sites are set toEssentially off
, except when there's an active attack happening, then it's raised as necessary temporarily.
Thanks for the insight. I'll take a look around.Ya that’s a Cloudflare security issue from the page source. Why it’s getting triggered, I’m not sure though. I’d go through everything. You can override security with Page Rules for example (maybe something is setting it high on a per request basis?)
What is Browser Integrity Check?
Browser Integrity Check looks for requests with HTTP headers commonly used by spammers, bots, and crawlers such as requests with a missing or non-standard user agent. If a threat is found, Cloudflare will present a block page.
Note: Browser Integrity Check may affect some actions on your domain. For example, it may block access to your API. You can selectively enable or disable this feature for any part of your domain using page rules.
Probably not to be honest. I have it working on my end, but I’m waiting for next version of XenForo that has Turnstile built in so I can figure out what I need to remove from my addon before I release it (I’m going to support some stuff that won’t be in the default XF implementation like using the API to set up the Turnstile site in Cloudflare).@digitalpoint it's been said some day XF is going to include Cloudflare Turnstile support, but any chance you'll be rolling your version out with this plugin?
Understood and it makes sense on your part for sure. I just don't have the same feeling of "any day"Probably not to be honest. I have it working on my end, but I’m waiting for next version of XenForo that has Turnstile built in so I can figure out what I need to remove from my addon before I release it (I’m going to support some stuff that won’t be in the default XF implementation like using the API to set up the Turnstile site in Cloudflare).
Doesn’t really make sense to release it now knowing that any day XenForo’s implementation is coming out. Then I have to write updater code to switch users from my implementation to XenForo’s. I’d rather keep it simple.
You'd have to be a little more specific than that as far as what you would want to do exactly.@digitalpoint Is there anyway you could integrate this with fail2ban at addon level?
Automatically ban/unban based on fail2ban jails. Adding the IP address to cloudflares firewall.You'd have to be a little more specific than that as far as what you would want to do exactly.
Think I did ask you about this before? My memory is a little bad lol.If you want to do something in Cloudflare based on a decision fail2ban makes, you would need to do it the other way around... fail2ban would need to be the thing triggering the action. I don't know the ins and outs of fail2ban, but how exactly would the addon get notified of things fail2ban is doing? If fail2ban has a notification system, it probably makes more sense to hook directly into that to do whatever action in Cloudflare you want to do.
So I would need to create an api key for each website (not global) on cloudflare and somehow edit cloudflare-apiv4.conf to send to them individually?If you want IP blocks to show up in the addon, when you create them, make sure you are creating the IP block in Cloudflare being for the website's zone (domain). IP blocks that are global (for your entire Cloudflare account/all domains), won't show up in the add-on. It's intentional because there are cases where someone might have 100+ domains, and having all the rules for all the domains mixed into the add-on's interface for the one website gets to be very convoluted trying to find a specific rule for the zone.
You can create a scoped key (just specific permissions) that spans multiple zones (domains). That’s probably your best option so you don’t need one for every domain.So I would need to create an api key for each website (not global) on cloudflare and somehow edit cloudflare-apiv4.conf to send to them individually?
It was an example in the link I posted above.cloudflare-apiv4.conf
Will have a mess around tomorrow. Thanks buddyYou can create a scoped key (just specific permissions) that spans multiple zones (domains). That’s probably your best option so you don’t need one for every domain.
We use essential cookies to make this site work, and optional cookies to enhance your experience.