[DigitalPoint] App for Cloudflare®

[DigitalPoint] App for Cloudflare® 1.9.1.1

No permission to download
Overview FAQ Updates (63) Reviews (22) History Discussion
Sim said:
Thanks - I checked the IP addresses you sent me against my paid Maxmind database (more accurate than the free one) and the locations concur with the WhatsMyIpAddress list you've given - other than the Kenya one which is detected as a DataCamp server which Maxmind says is in Romania and the one from India which is listed as "Kings College London" - I think those two are likely to be recently re-allocated IP ranges where the databases haven't been updated yet.

I then started testing the IP addresses individually using the "IP address details" provided by @digitalpoint 's Cloudflare addon (Admin CP > Cloudflare > Tools > IP address details) ... and the results it was giving me do correspond to the same addresses as WhatsMyIpAddress. Have you tried this tool yourself? I'd be curious to see whether it concurs?

So I'm not quite sure what's going on there - it seems to me that everything is showing the correct information, except for your "Cloudflare" list in your table.

I'll check what my sites are displaying and whether it seems accurate.
Click to expand...

I can concur that when individually checking the IP address with Cloudflares tool its geolocation is showing the same as WhatsMyIPAddress. So the issue is the country displayed by this app under the IP address is what is wrong 30% of the time, at least on my site. The question comes down to why is what the app is reporting within XenForo User info conflicting with what it reports using its own tool.

Example:

1739490386881.webp
 
bzcomputers said:
I can concur that when individually checking the IP address with Cloudflares tool its geolocation is showing the same as WhatsMyIPAddress. So the issue is the country displayed by this app under the IP address is what is wrong 30% of the time, at least on my site. The question comes down to why is what the app is reporting within XenForo User info conflicting with what it reports using its own tool.
Click to expand...
It sounds like a bug somewhere. You can run an IP address through multiple geo IP location databases at https://www.iplocation.net/ip-lookup. Cloudflare uses multiple sources for IP geo location data so not just one source.

1739587676399.webp
1739587717774.webp
 
Hey @digitalpoint ,

So I got my second domain and forum through a free CloudFlare account yesterday, popped this plugin just for the kicks, and now I finally have visibility on the traffic sources. "Ignorance is bliss" is absolutely right.

I configured WAF with 2 rules: one to block connections coming from a list of manually curated ASNs, the second to block traffic from TOR. The objective is to get to a point where the forum is accessed mostly by humans from their home/work/mobile devices, not by bots from datacenters or through VPNs. Yeah, it's probably a stupid and monstruous task for a flimsy principle, but I'd rather give it a serious shot first. It definitely is very tedious to look randomly during the day through the guests visiting, check each IP, find out it's assigned to a "Datacenter" or has VPN services, then add the ASN to the list in the WAF rule.

Considering your much deeper experience with CloudFlare and API calls, is there a way to make this easier or even to automate it somehow?

Many thanks in advance.
 
puterfixer said:
Hey @digitalpoint ,

So I got my second domain and forum through a free CloudFlare account yesterday, popped this plugin just for the kicks, and now I finally have visibility on the traffic sources. "Ignorance is bliss" is absolutely right.

I configured WAF with 2 rules: one to block connections coming from a list of manually curated ASNs, the second to block traffic from TOR. The objective is to get to a point where the forum is accessed mostly by humans from their home/work/mobile devices, not by bots from datacenters or through VPNs. Yeah, it's probably a stupid and monstruous task for a flimsy principle, but I'd rather give it a serious shot first. It definitely is very tedious to look randomly during the day through the guests visiting, check each IP, find out it's assigned to a "Datacenter" or has VPN services, then add the ASN to the list in the WAF rule.

Considering your much deeper experience with CloudFlare and API calls, is there a way to make this easier or even to automate it somehow?

Many thanks in advance.
Click to expand...
Cloudflare handles this automatically mostly, blocking bots that is. After a while suspicious ips get a captcha
 
sdev said:
Cloudflare handles this automatically mostly, blocking bots that is. After a while suspicious ips get a captcha
Click to expand...
That is a reactive approach for individual IPs that get temporarily throttled through a captcha, and this status quo is temporary. Cloudflare's Turnstile is among the last effective captchas against some bots, but it will eventually follow the other captchas which are easily defeated by AI. It's been just a few days since an article classified Google's ReCaptcha as "malware" because, under the pretense of blocking bots, is used pretty much everywhere, and it DOES collect data about users filling in forms, and selling that data is a very lucrative business.

I'd rather take the proactive approach to directly block VPN providers and datacenters in their entirety. I can start from lists of ASNs for VPN providers and for datacenters, but I'd also like some automation to detect and block future such providers without me manually having to maintain these lists myself.

The reason to block those traffic sources is the principle that my site and forum's existence is to serve humans through their devices and direct internet connections. I have zero moral or contractual obligation to allow connections from commercial services residing in datacenters, especially when those are associated with a higher risk of abuse or undesired activity, and when I as site admin have no control over what happens with the data passing through those third parties, especially in countries which do not have a strong legal framework for data privacy. Perhaps the sole exception to that princicple is to allow select group of crawler bots indexing the contents for search engines, because they do provide an indirect service to our community, but even that is now difficult to argue when search engines' results contain more AI generated content, advertising and paid promoted content instead of the best fitting web content.

If this decision means that some legitimate visitors/forum members will be blocked because they falsely believe that VPNs are there to enhance their privacy or "protect" them, and therefore jump on the bandwagon mostly used by others trying to hide their tracks in their nefarious activities, then so be it. They'll always have the choice to access the site without the "privacy" VPN, and then it will work. If you are a legitimate shopper and don't want to be misclassified as a shoplifter, don't go into a jewelry store wearing a ski mask over your face.

I already had my share of gray hairs just from one annoying forum user which repeatedly tried escaping forum bans and creating multiple user accounts through Opera's built-in VPN service.
 
#0 src/addons/SV/UserActivity/XF/Repository/SessionActivity.php(38): DigitalPoint\Cloudflare\XF\Repository\SessionActivity->updateSessionActivity(0, '114.119.140.250', 'XF\\Pub\\Controll...', 'Post', Array, 'error', 'petalsearch')
#1 src/XF/Pub/Controller/AbstractController.php(82): SV\UserActivity\XF\Repository\SessionActivity->updateSessionActivity(0, '114.119.140.250', 'XF\\Pub\\Controll...', 'Post', Array, 'error', 'petalsearch')
#2 src/XF/Pub/Controller/AbstractController.php(42): XF\Pub\Controller\AbstractController->updateSessionActivity('Post', Object(XF\Mvc\ParameterBag), Object(XF\Mvc\Reply\Error))
#3 src/XF/Mvc/Controller.php(287): XF\Pub\Controller\AbstractController->postDispatchType('Post', Object(XF\Mvc\ParameterBag), Object(XF\Mvc\Reply\Error))
#4 src/XF/Mvc/Dispatcher.php(383): XF\Mvc\Controller->postDispatch('Post', Object(XF\Mvc\ParameterBag), Object(XF\Mvc\Reply\Error))
#5 src/XF/Mvc/Dispatcher.php(257): XF\Mvc\Dispatcher->dispatchClass('XF:GotoPage', 'Post', Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\GotoPage), NULL)
#6 src/XF/Mvc/Dispatcher.php(113): XF\Mvc\Dispatcher->dispatchFromMatch(Object(XF\Mvc\RouteMatch), Object(XF\Pub\Controller\GotoPage), NULL)
#7 src/XF/Mvc/Dispatcher.php(55): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#8 src/XF/App.php(2344): XF\Mvc\Dispatcher->run()
#9 src/XF.php(512): XF\App->run()
#10 index.php(20): XF::runApp('XF\\Pub\\App')
#11 {main}
Click to expand...

I still get this on v2.2.6 Patch 2 even when I use v1.9.0.1 :( (will upgrade my version of XF!)
 
Last edited:
It's related to this:

digitalpoint

Post in thread '[DigitalPoint] App for Cloudflare®'

NickH said:
When I try the latest version, I get this and it kills the site:



Is the old version available anywhere? (I overwrote it :( )
Click to expand...
I tracked it down... it does look like you need XenForo 2.2.8 or higher (that's when the method was introduced). So made a change so it will work, just not log geo-location data for sessions if you are using XenForo before 2.2.8.
  • Love

The update that doesn't do geo-location logging for sessions in XF < 2.2.8 hasn't been released yet (going to do it today).
 
NealC said:
I'm seeing "US" but not the flag. What do I need to change?
Click to expand...
You can "fix" this one windows machine at a time by:
1. Back up your Segoe UI Emoji font. You don't have to do this, but it's not a bad idea. Just go to your Windows font directory and copy and paste it somewhere for backup
2. Download the Google Emoji Font for Windows from here: https://github.com/perguto/Country-Flag-Emojis-for-Windows
3. Right-click on the font and click Install. It will ask you if you want to overwrite the Segue UI Font. Click Yes.

Once you restart your Web browser, flags will start appearing. This feature is really useful as an Admin.
 
You must log in or register to reply here.

Similar threads

D
[DigitalPoint] App for Cloudflare® - FRENCH translation [Deleted]
Replies
9
Views
875
Ozzy47
Ozzy47
digitalpoint
App for Cloudflare (appforcf.com)
Replies
12
Views
1K
securedme
securedme
Back
Top Bottom