MaximilianKohler
Well-known member
I left this on and it prevented my Let's Encrypt SSL from renewing.
![[DigitalPoint] App for Cloudflare®](/community/data/resource_icons/8/8750.jpg?1692633961){kind=icon}
[DigitalPoint] App for Cloudflare® 1.9.4
- Thread starter digitalpoint
- Start date
digitalpoint
Well-known member
How would that work? Cloudflare proxy (and everything that goes along with it like Bot Fight Mode) only affects inbound HTTP requests. So unless Let’s Encrypt is proactively contacting an API you have setup on your server to push an SSL cert to your server, it wouldn’t affect it. If your server is going out (making the connection), it’s not going through Cloudflare.
digitalpoint
Well-known member
When did it start working for you on 2.2? Windows doesn’t support emoji flags (regardless of XenForo version).
Let's Encrypt (with HTTP-01 verification) performs an inbound HTTP request to check if the challenge can be read from
./well-known/acme-challenge/... - this request can (and if smth. is misconfigured will) be blocked by Cloudflare WAF.
Last edited:
digitalpoint
Well-known member
Ah… clearly I don’t use Let’s Encrypt.
digitalpoint
Well-known member
Yep.Its's not just Let's Encrypt, the same would apply for any CA using the ACME protocol and HTTP-01
NealC
Well-known member
Cloudflare WAF question - may not be related to this add-on but it's affecting my XF 2.3.6 work. It seems I need to go to Security > WAF > Tools and put in my IP address to allow editing in some areas of the admin such as template changes. I don't recall this situation in 2.2.x. It's a pain to deal with. Any reason why this is occurring, nothing changed in Cloudflare, and how I can turn this off?
I have link unfurling proxied. Would this by any chance interfere with Skimlinks? I have the Skimlinks code added in page container and inspection shows it's there and live but not working. Did all the things they suggest - turn off ad blocker, clear cookies, use their test link. So it occurred to me that proxying the link unfurling might conflict with it somehow? I can still add manually generated ones, but just wondering if this is causing it to not work.
digitalpoint
Well-known member
If it’s a link you are posting in a post, ya… it will go through the proxy. If its not a link in a post, then no.
digitalpoint
Well-known member
Anything within the URL BBCode within a post will be downloaded via the proxy (that’s the whole point). If you don’t want links in posts to go through the proxy, you want to disable unfurl and image proxy.
Thanks - no its ok I do want them to go through the proxy I'm just trying to narrow down what might be stopping Skimlinks from working. As I say I can still paste manual links, it;s just the auto ones that aren't working - not sure if they're worth bothering with anyway as most of my existing links are unfurled anyway and I don't think Skimlinks can read unfurled links either.
So what does proxying the unfurling of links actually do please?
I'm just trying to narrow down what might be stopping Skimlinks from working. As I say I can still paste manual links, it;s just the auto ones that aren't working - not sure if they're worth bothering with anyway as most of my existing links are unfurled anyway and I don't think Skimlinks can read unfurled links either.So what does proxying the unfurling of links actually do please?
Ok as an update, the Cloudflare proxying is not affecting affiliate ID links that unfurl Had that tested. These were manually generated affiliate links. So the issue with Skimlinks must be something else (maybe because the code is in page container). Not bothering with that Skimlinks code now. Using Awin and Andy's parser addons instead.
Had that tested. These were manually generated affiliate links. So the issue with Skimlinks must be something else (maybe because the code is in page container). Not bothering with that Skimlinks code now. Using Awin and Andy's parser addons instead.
z3r010
Active member
@digitalpoint
Not sure if you’re open to feature requests, but before I get someone to build this as a separate add-on, I thought I’d ask if it might be a good fit for your mod, since you already have the API permissions and framework in place.
Automatic “Under Attack” mode:
When traffic exceeds a set threshold, “Under Attack” mode is triggered automatically, and stays on until traffic drops below the limit and a cooling-off period has passed.
My sites have been getting hit pretty hard a few times a week lately, with tens of thousands of bot guests at a time. I managed to get Claude AI to build this for my vBulletin sites and it’s worked really well — but I haven’t had any luck getting an AI version to work properly for XF. So if you don’t think it fits with your add-on, I’ll just get someone to custom-build it.
Thanks!
Not sure if you’re open to feature requests, but before I get someone to build this as a separate add-on, I thought I’d ask if it might be a good fit for your mod, since you already have the API permissions and framework in place.
Automatic “Under Attack” mode:
When traffic exceeds a set threshold, “Under Attack” mode is triggered automatically, and stays on until traffic drops below the limit and a cooling-off period has passed.
My sites have been getting hit pretty hard a few times a week lately, with tens of thousands of bot guests at a time. I managed to get Claude AI to build this for my vBulletin sites and it’s worked really well — but I haven’t had any luck getting an AI version to work properly for XF. So if you don’t think it fits with your add-on, I’ll just get someone to custom-build it.
Thanks!
digitalpoint
Well-known member
Unless the bots are logging in as users, why not just enable guest page caching or just block the bots permanently that are causing the issue?
