[DigitalPoint] App for Cloudflare®

[DigitalPoint] App for Cloudflare® 1.8.2

No permission to download
Overview FAQ Updates (51) Reviews (19) History Discussion
80sDude said:
Hahaha what I meant was do I create a folder in my directory and if so where would I do that? public html/folder? Or do I create the folder data/folder? Thanks!
Click to expand...

You don't need to manually create any particular folders in your server for "subdomain". The subdomain (e.g. data.yoursite.com or whatever.yoursite.com) is automatically created by the add-on after you've filled out the information when you created the R2 parts (data and internal_data) in the add-on.
 
digitalpoint said:
I really don't know what you are trying to do exactly. If you can point me to whatever you are seeing that is saying you need to create a folder that matches a subdomain (or any folder at all for that matter), maybe I can better understand what exactly you are trying to do and why you are trying to do whatever that is.

If you are trying to use R2 strictly with this addon, maybe you are reading something unrelated to this addon and making things more complicated for yourself than they need to be? Anything you are reading that isn't part of this addon, you can ignore.
Click to expand...
Ok let me try to explain better. When I try to enable R2 for data I get this error.

Photo before enabling R2 for data

IMG_0682.webp


Photo after attempting to enable

IMG_0683.webp

It says domain already in use hence why. That is why I was asking you if i have to create a new subdomain for data. With attachments and xfmg I had no problems at all with enabling. Hope that explains things better.
 
The domain is already in-use, as in it's already assigned to a different bucket (for whatever reason). In-use being it's already a used DNS entry.
 
80sDude said:
What do you recommend that I do? Thanks
Click to expand...
If it was me I’d start over because somewhere along the way someone added a public domain to your internal data bucket. If you don’t know how that happened, or why it happened, I’d delete it the public domain from that bucket.

Basically the same thing I already said here:

digitalpoint

Post in thread '[DigitalPoint] App for Cloudflare®'

As I mentioned previously, I'm not sure how you ended up with a public domain on an internal data bucket, but normally you wouldn't have one. If you manually added it for some reason in the Cloudflare dashboard, then I assume you had a reason to do so and whatever that reason is, is fine with me (although putting all your private/internal data on a public URL probably isn't the best practice from a security standpoint because you've effectively put all the contents of a folder that is supposed to be private [internal_data] and exposed it/made it available to anyone that wants it online)...

Not sure if you are misreading/misunderstanding the things I’m writing or just ignoring it, but the solution is what I’ve already posted.

Step 1: figure out why you have a public domain assigned to an internal data bucket. If you don’t know, remove the public domain from the internal data bucket. If you want to keep that public domain assigned to an internal data bucket (for whatever reason), pick a different public domain. You can’t have two subdomains assigned to the same bucket.

Step 2: Profit.
 
digitalpoint said:
As I mentioned previously, I'm not sure how you ended up with a public domain on an internal data bucket, but normally you wouldn't have one. If you manually added it for some reason in the Cloudflare dashboard, then I assume you had a reason to do so and whatever that reason is, is fine with me (although putting all your private/internal data on a public URL probably isn't the best practice from a security standpoint because you've effectively put all the contents of a folder that is supposed to be private [internal_data] and exposed it/made it available to anyone that wants it online)... Either way, you need to pick a different public domain for a different bucket. You can't have the same public domain on different buckets.

If you don't have a specific reason to have a public domain on your internal data bucket, I'd remove it from that bucket via Cloudflare dashboard.
Click to expand...
Actually it's not a public domain. i shaded out the folder name
digitalpoint said:
If it was me I’d start over because somewhere along the way someone added a public domain to your internal data bucket. If you don’t know how that happened, or why it happened, I’d delete it the public domain from that bucket.

Basically the same thing I already said here:

digitalpoint

Post in thread '[DigitalPoint] App for Cloudflare®'

As I mentioned previously, I'm not sure how you ended up with a public domain on an internal data bucket, but normally you wouldn't have one. If you manually added it for some reason in the Cloudflare dashboard, then I assume you had a reason to do so and whatever that reason is, is fine with me (although putting all your private/internal data on a public URL probably isn't the best practice from a security standpoint because you've effectively put all the contents of a folder that is supposed to be private [internal_data] and exposed it/made it available to anyone that wants it online)...

Not sure if you are misreading/misunderstanding the things I’m writing or just ignoring it, but the solution is what I’ve already posted.

Step 1: figure out why you have a public domain assigned to an internal data bucket. If you don’t know, remove the public domain from the internal data bucket. If you want to keep that public domain assigned to an internal data bucket (for whatever reason), pick a different public domain. You can’t have two subdomains assigned to the same bucket.

Step 2: Profit.
Click to expand...

I see what happened. It's not a public domain that I created it's actually a subdomain but I shaded out the folder name before my site's url on purpose. I thought it showed that i had did that but I guess not. My bad.
 
Still not sure what you mean by folder names. Either way, if you have that public domain/subdomain as an entry in your domain's DNS, it can't be assigned to that bucket (either stop using it for whatever you are using it for and delete it from your DNS, or pick a different subdomain).

Maybe you are confused that it suggests "data" as the subdomain for your data bucket? The subdomain doesn't need to match any folder name that XenForo uses. You could give it a subdomain of literally anything you want. And (normally) the internal-data bucket has NO public subdomain whatsoever.
 
digitalpoint said:
Still not sure what you mean by folder names. Either way, if you have that public domain/subdomain as an entry in your domain's DNS, it can't be assigned to that bucket (either stop using it for whatever you are using it for and delete it from your DNS, or pick a different subdomain).

Maybe you are confused that it suggests "data" as the subdomain for your data bucket? The subdomain doesn't need to match any folder name that XenForo uses. You could give it a subdomain of literally anything you want. And (normally) the internal-data bucket has NO public subdomain whatsoever.
Click to expand...
I think I finally got it figured out and everything is done. Again I'd like to thank you once again for your help.
 
When I tried to include a script in a custom thread field,

1701787728414.webp

When trying to save it, the following error pops up:

1701787776076.webp

Inspecting with Chrome, it shows the following. Basically a 403 error.

1701788260759.webp

Would it be related to any CF settings?
 
Maybe… if you are using things like Security Level at anything but “Essentially Off” you are telling Cloudflare to block requests that contain code. So editing templates, using code blocks in the editor, etc.
 
digitalpoint said:
Maybe… if you are using things like Security Level at anything but “Essentially Off” you are telling Cloudflare to block requests that contain code. So editing templates, using code blocks in the editor, etc.
Click to expand...

Just found that turning off the following temporarily makes saving possible.

1701788955701.webp
 
securedme said:
Just found that turning off the following temporarily makes saving possible.

View attachment 294918
Click to expand...
I’d turn off all the managed rulesets with XenForo. By enabling it, you are effectively telling Cloudflare to keep an eye out for things like HTTP POSTs that look generically suspicious. XenForo handles security for itself better than Cloudflare can at the network level but not knowing anything about XenForo. It’s more for poorly coded sites that you cant or don’t know how to secure properly.
 
digitalpoint said:
I’d turn off all the managed rulesets with XenForo. By enabling it, you are effectively telling Cloudflare to keep an eye out for things like HTTP POSTs that look generically suspicious. XenForo handles security for itself better than Cloudflare can at the network level but not knowing anything about XenForo. It’s more for poorly coded sites that you cant or don’t know how to secure properly.
Click to expand...

I think they're turned on by default. Only two of them, Cloudflare Php and Cloudflare Specials. So I turned them off now.
 
securedme said:
I think they're turned on by default. Only two of them, Cloudflare Php and Cloudflare Specials. So I turned them off now.
Click to expand...
I'm not on a paid plan and I went to https://dash.cloudflare.com/xxx/mydomain.com/security/waf/managed-rules, and there is no list of rules or any way to toggle them:
Cloudflare rules.webp
And the "today" link links to https://blog.cloudflare.com/waf-for-everyone, which says:

The Free Cloudflare Managed Ruleset​

This ruleset is automatically deployed on any new Cloudflare zone and is specially designed to reduce false positives to a minimum across a very broad range of traffic types. Customers will be able to disable the ruleset, if necessary, or configure the traffic filter or individual rules. As of today, the ruleset contains the following rules:
  • Log4J rules matching payloads in the URI and HTTP headers;
  • Shellshock rules;
  • Rules matching very common WordPress exploits;
Click to expand...

I tried to report it under the "support" section, but it says
Customers on our Free plans can only submit tickets for billing, account, and registrar issues.
Click to expand...
 
MaximilianKohler said:
I'm not on a paid plan and I went to https://dash.cloudflare.com/xxx/mydomain.com/security/waf/managed-rules, and there is no list of rules or any way to toggle them:
View attachment 294958
And the "today" link links to https://blog.cloudflare.com/waf-for-everyone, which says:


I tried to report it under the "support" section, but it says
Click to expand...
It says right there, if you want more "comprehensive protection" (as in more rules to turn on), you need to upgrade to a paid plan. And then you'll want to disable them all because none should be used with XenForo, so you are back to what the free plan gives you.
 
digitalpoint said:
It says right there, if you want more "comprehensive protection" (as in more rules to turn on), you need to upgrade to a paid plan. And then you'll want to disable them all because none should be used with XenForo, so you are back to what the free plan gives you.
Click to expand...
Note this text from my previous comment/quote:
Customers will be able to disable the ruleset, if necessary, or configure the traffic filter or individual rules
Click to expand...
 
@digitalpoint I appreciate your update in trying to get presigned URL's to work by forcing content-type but it has side effects sadly I'm seeing so I turned it off again. For example when clicking on a PDF it's causing a download of the attachment instead of viewing it in the browser window. Not sure what else is affected but I'm bailing out of the option once again.
 
NealC said:
@digitalpoint I appreciate your update in trying to get presigned URL's to work by forcing content-type but it has side effects sadly I'm seeing so I turned it off again. For example when clicking on a PDF it's causing a download of the attachment instead of viewing it in the browser window. Not sure what else is affected but I'm bailing out of the option once again.
Click to expand...
A file is downloaded (or not based on the content disposition header), and in the case of using presigned URLs for attachments, the content disposition is set exactly the same way XenForo would have set it (it calls the same underlying method that XenForo uses internally), so a PDF should be treated exactly the same with or without presigned URLs.

As a test, I just uploaded a PDF here (xenforo.com is not using presigned URLs) and it's also downloaded there when you click on it (doesn't show inline in a browser here either without preigned URLs):


If your XenForo PDF attachments are displaying in the browser window, you may have something else that is going on that might be altering HTTP response headers to do that, but XenForo by default downloads PDFs.
 
I use an add-on that displays the PDF in the browser so that must be what broke.

Open PDF

Description: Opens PDF attachments in the browser. By default Safari will download PDF attachments instead of viewing them in the browser. This add-on will allow Safari users to simply click on the PDF attachment and the document will open in...
www.xf2addons.com www.xf2addons.com
 
NealC said:
I use an add-on that displays the PDF in the browser so that must be what broke.

Open PDF

Description: Opens PDF attachments in the browser. By default Safari will download PDF attachments instead of viewing them in the browser. This add-on will allow Safari users to simply click on the PDF attachment and the document will open in...
www.xf2addons.com www.xf2addons.com
Click to expand...
Most likely ya… an addon could certainly cause it to happen even for presigned URLs, it would just need to do it in a more universal way. My guess is that one is altering the content disposition output. If it was altering the underlying method that decides what to set content disposition to, it should work. As I mentioned in the previous post, presigned URLs are simply setting the content disposition to whatever XenForo sets it to, so hooking into the underlying method (rather that changing it after the fact), should work with presigned URLs.
 
You must log in or register to reply here.

Similar threads

Nicolas FR
[DigitalPoint] App for Cloudflare® - FRENCH translation
Replies
8
Views
852
Ozzy47
Ozzy47
digitalpoint
App for Cloudflare (appforcf.com)
Replies
12
Views
1K
securedme
securedme
Top Bottom