[DigitalPoint] App for Cloudflare® 1.9.1.1

[PhineasD]

@digitalpoint I get this error when I try to delete a cache rule in ACP

Client error: DELETE https://api.cloudflare.com/client/v4/zones/dcfeb94fc4cf733fcd9353b7a8c774ff/rulesets/04ac84767b814cdc89dd3adad3f340e0/rules/cc2e6238f30d4a5e9464d5c4cd7da193 resulted in a 400 Bad Request response: { "result": null, "success": false, "errors": [ { "message": "invalid JSON: '' cannot be a array" } (truncated...) / {"result":null,"success":false,"errors":[{"message":"invalid JSON: '' cannot be a array"}],"messages":null}

 

[digitalpoint]

@digitalpoint I get this error when I try to delete a cache rule in ACP

Client error: DELETE https://api.cloudflare.com/client/v4/zones/dcfeb94fc4cf733fcd9353b7a8c774ff/rulesets/04ac84767b814cdc89dd3adad3f340e0/rules/cc2e6238f30d4a5e9464d5c4cd7da193 resulted in a 400 Bad Request response: { "result": null, "success": false, "errors": [ { "message": "invalid JSON: '' cannot be a array" } (truncated...) / {"result":null,"success":false,"errors":[{"message":"invalid JSON: '' cannot be a array"}],"messages":null}

Yep, already fixed in next version. They made a change to the API call.

 

[80sDude]

Hey there I’m trying to set this up in my cloudflare but Im a bit confused with these in red. I create a rule and enter example referrer spam bot but i don’t see a managed challenged in my action drop down menu. As for the user agents i manually enter mozilla the way you have it? Thanks!

 

[digitalpoint]

Hey there I’m trying to set this up in my cloudflare but Im a bit confused with these in red. I create a rule and enter example referrer spam bot but i don’t see a managed challenged in my action drop down menu. As for the user agents i manually enter mozilla the way you have it? Thanks!


View attachment 308924

Those aren't valid rules. I mean I guess you can if you know what you are doing... that will block Internet Explorer 6 just because it's IE6.

As far as no drop-down box, can you post a screenshot of where you are looking that doesn't have the drop-down box? It's there when I try it.

 

[JonathanC]

I've confirmed that Cloudflare is preventing me from using Passkeys. I Paused the service and it immediately started working. Any idea what exactly is causing this? It would save me a ton of time trying to figure it out.

 

[digitalpoint]

I've confirmed that Cloudflare is preventing me from using Passkeys. I Paused the service and it immediately started working. Any idea what exactly is causing this? It would save me a ton of time trying to figure it out.

Sounds like a question related to Cloudflare as a service, not this addon. Unless you mean toggling the addon on and off makes it go from not working to working?

 

[JonathanC]

Sounds like a question related to Cloudflare as a service, not this addon. Unless you mean toggling the addon on and off makes it go from not working to working?

No, disabling the plugin does not fix the issue. But using the pause button within clouflares panel does fix the issue. I was hoping someone had an idea what setting was causing it. I guess I'll start doing some digging on the issue.

 

[JulesR]

I wanted to take a moment to express my gratitude for the [DigitalPoint] App for Cloudflare® 1.8.6. I've been using this addon with XenForo 2.3.2, and it has truly been a game-changer for my setup.

After configuring my server to only accept connections to ports 80 and 443 from Cloudflare's IP list, I have noticed a significant improvement in both security and performance. The integration has been seamless, and the metrics I've been monitoring show that everything is running smoothly.

The visual insights provided by the addon, particularly the detailed analytics and caching information, have made it much easier to keep an eye on the health and performance of my site. I'm particularly impressed with how well the caching and threat management features are working—my server's workload has decreased, and the site feels faster and more secure.

So, a big thank you to the team behind this addon! Your hard work is truly appreciated, and I highly recommend this addon to anyone using Cloudflare with XenForo. Keep up the great work!

 

[hudriwudri]

Shawn, first of all big thanks for providing that addon to the community! Really appreciate it.
I just moved data and internal_data to R2 buckets as described but actually I have a strange issue with XFMG (quite sure it´s not that strange when someone knows more than me ;D) - maybe you (I know you´re not using XFMG) or someone else can point me in the right direction.

First link is an image that has been uploaded after migrating to R2 - https://rollerplausch.com/media/testplausch_1000x130-png.21125/
Second link is an image that has been migrated to R2 - https://rollerplausch.com/media/hall-sensoren-jpg.21118/

If you right click on the first image and select "Open picture in new tab" it will be served from bucket, while the second will ask me to download .data file?

I have also attached pictures from the buckets. Edit: Buckets have been configured via Addon ofc.

Any help/hint would be highly appreciated.

Cheers,
Chris

 

[frm]

One thing I would recommend is setting up your server firewall to only respond to Cloudflare IPs when traffic is coming in on port 80 or 443. At least then someone can't just bypass Cloudflare by hitting your server IPs directly. Kind of defeats the purpose of security if you can just sidestep it. Like I have a daily cron task that grabs Cloudflare IPs from here: https://www.cloudflare.com/ips-v4

...with that, it builds firewall rules so the firewall only allows traffic on port 80 or 443 from those blocks.

Is this something that you're willing to add to App for Cloudflare (XF)?

I don't know if it would be able to have the settings port over from an XF install, but there could possibly be a way if the root user creates a script to link the two to work.

XF add on could pull the IPs (and allow users to add new ones) while a separate script would have to be set up by root on a cron.

Supporting fail2ban or ModSecurity or something...

 

[digitalpoint]

Shawn, first of all big thanks for providing that addon to the community! Really appreciate it.
I just moved data and internal_data to R2 buckets as described but actually I have a strange issue with XFMG (quite sure it´s not that strange when someone knows more than me ;D) - maybe you (I know you´re not using XFMG) or someone else can point me in the right direction.

First link is an image that has been uploaded after migrating to R2 - https://rollerplausch.com/media/testplausch_1000x130-png.21125/
Second link is an image that has been migrated to R2 - https://rollerplausch.com/media/hall-sensoren-jpg.21118/

If you right click on the first image and select "Open picture in new tab" it will be served from bucket, while the second will ask me to download .data file?

I have also attached pictures from the buckets. Edit: Buckets have been configured via Addon ofc.

Any help/hint would be highly appreciated.

Cheers,
Chris

The first one doesn't exist, the second one looks like the object in R2 has the wrong content type, so the browser just downloads it. Disable token auth under R2 settings, then it will use the content type that XenForo thinks it is. Using token auth makes it so you are relying on the content type as set in the R2 bucket.

As for why the content type is wrong in R2, I'm not sure... how did you move the existing data (most likely it was that process that explicitly set the content type to something incorrect when it was uploaded).

Is this something that you're willing to add to App for Cloudflare (XF)?

I don't know if it would be able to have the settings port over from an XF install, but there could possibly be a way if the root user creates a script to link the two to work.

XF add on could pull the IPs (and allow users to add new ones) while a separate script would have to be set up by root on a cron.

Supporting fail2ban or ModSecurity or something...

No sorry... managing user's web server settings is (way) outside the scope of this addon. XenForo doesn't even try to auto-configure your web server.

 

[frm]

No sorry... managing user's web server settings is (way) outside the scope of this addon. XenForo doesn't even try to auto-configure your web server.

A separate tool as "Other Resources", be it a tutorial or the actual script for modification? I don't know if that would be allowable, but it looks like it if a Docker container was allowed as a resource.

Other resources [2.x]

xenforo.com

I'm still trying to wrap my head around all the Cloudflare features to use with XF and this add on.

I don't want to derail the conversation here any further than I already have.

That said,
Thanks for this add on.

 

[digitalpoint]

A separate tool as "Other Resources", be it a tutorial or the actual script for modification? I don't know if that would be allowable, but it looks like it if a Docker container was allowed as a resource.

Other resources [2.x]

xenforo.com

I'm still trying to wrap my head around all the Cloudflare features to use with XF and this add on.

I don't want to derail the conversation here any further than I already have.

That said,
Thanks for this add on.

There’s just too many different web servers and setups within those web servers. Some are managed via shell, some are managed via web interface, etc.

What works for me probably isn’t going to work for you. My setup only works on Nginx compiled from source and only on openSUSE as the operating system, and is designed for a setup where you have multiple physical web servers. So unless someone has that very specific setup, what I do, won’t work for them.

Which leaves me with trying to auto-configure web servers for people just because I have nothing else to do but to figure out their specific setup and how to make what I do work for them. So err… I’m gonna politely decline that task.

 

[hudriwudri]

The first one doesn't exist, the second one looks like the object in R2 has the wrong content type, so the browser just downloads it. Disable token auth under R2 settings, then it will use the content type that XenForo thinks it is. Using token auth makes it so you are relying on the content type as set in the R2 bucket.

As for why the content type is wrong in R2, I'm not sure... how did you move the existing data (most likely it was that process that explicitly set the content type to something incorrect when it was uploaded).

Thanks for your reply. First one should be available now too (deleted wrong image). Indeed disabling token auth makes it work.
I used rclone to transfer the folders:

rclone sync internal_data/attachments rpdata:rp-internal-data-attachments/attachments --verbose --transfers 10
rclone sync data rpdata:rp-data/ -vv --transfers 10

We are talking about the internal_data bucket am I right? Having a quick look type is set to "application/octet-stream". If you could give me a short heads up how to find the correct hash for the images from the links posted I can provide the detailed infos on the bucket items if needed.

Should I recreate the buckets and use your migration tool or did I miss something with rclone or...?

Cheers,
Chris

 

[digitalpoint]

Rclone explicitly sets the content-type to whatever it thinks it should be based on the file extension. Not sure if there’s a way to tell rclone to not do that or not. If you use my migration tool, it doesn’t do that.

 

[hudriwudri]

Rclone explicitly sets the content-type to whatever it thinks it should be based on the file extension. Not sure if there’s a way to tell rclone to not do that or not. If you use my migration tool, it doesn’t do that.

Ok got it, so rclone is the culprit more or less (or I´m too dumb to use it).
I´m running on buckets since yesterday and there have already been uploaded some attachments, images, etc to them. Could you think about an "easy" way to fix that? Would be migrating from R2 back to local file system with your tool (if possible) and then again migrating from local file system to R2 a viable path?
Or can I just rerun the migration from local file system to R2 again but this time with your tool and it will sync/overwrite the data with correct content-type?

 

[digitalpoint]

Ya, that’s one way to do it. You could also just ignore it since it’s really only an issue if you use the token auth option (normally XenForo can handle setting the content-type header).

 

[securedme]

XF2.3 with R2 enabled.

I tried to add an image. Insert thumbnail results in the following broken image (click on it get the full image without problem though). Insert full image can include picture.

What could be the problem?

And I set data.mysite.com and files.mysite.com for data and attachment buckets. But why isn't the URL for internal_data/attachment files.mysite.com but mysite.com/attachments as the following? I can confirm the files are uploaded to R2. Files in data as displayed as data.mysite.com though.

No problem with R2 disabled.

 

[digitalpoint]

Internal data is exactly that… internal data. It’s not supposed to have a public domain assigned to it. Whatever you did outside of the addon config UI for R2 is either wrong or you have a very specific non-standard use case that only you know.

Unless you have a reason unique to your setup to do it, I’d undo whatever you did manually (like add files.mysite.com as a public domain).

TL;DR: if the addon doesn’t offer to set something up for you automatically, it’s not because I couldn’t figure out how to do it, it’s because you shouldn’t do it (again, maybe you have a unique use case, but if you do, only you know why).

 

[securedme]

Ok. I just disabled R2 for /data/ and /internal-data/attachments/ in your add-on. Also deleted the buckets in Cloudflare.

Then I enabled the R2 again in your add-on.

I inserted an image in a message and it shows a full image but when I "insert thumbnail" it shows an empty space in the editor. After I posted the message, Full image is there and the supposed to be thumbnail becomes a broken image with a link. Clicking the link will show an image.

So what makes the thumbnail not appearing? It's just a jpg. It's a fresh server.