[DigitalPoint] App for Cloudflare® 1.9.4

[digitalpoint]

@Matt C. one thing that updating old versions of cURL will give you is support for newer TLS versions. As an example api.cloudflare.com (and most modern sites these days) have disabled support for SSLv2, SSLv3, TLS 1.0 and TLS 1.1. So if your version of cURL doesn't supports TLS 1.2 or TLS 1.3, you are basically out of luck because modern sites will refuse to communicate.

See:

TLS Checker - Instant Results | CDN77.com

Does your server or CDN support the latest TLS 1.3? Check your SSL/TLS setup now!

www.cdn77.com

The error you posted looks like cURL is trying (and failing) to make a SSLv3 connection, which isn't supported by Cloudflare API (or most other sites these days).

 

[Matt C.]

Thanks for info. This is what I got from the TLS Checker.

 

[digitalpoint]

Thanks for info. This is what I got from the TLS Checker.

View attachment 324892

Right... so you need to make sure your server supports TLS 1.2 or TLS 1.3 if you want it to be able to talk to servers that only allow that (for example Cloudflare API).

 

[Matt C.]

I have been noticing some erratic behavior from the setting page:



I was trying different settings in the Cloudflare Dashboard. This happened when I turned rocket loader on to test its effects. Turned it off, and the setting page loaded just fine.

Now I tested another setting related to SSL/TTS and got the error again.

 

[digitalpoint]

Rocker Loader shouldn’t be on with XenForo, but that won’t prevent the settings from working.

 

[Matt C.]

Rocker Loader shouldn’t be on with XenForo, but that won’t prevent the settings from working.

Yeah turned it back off after reading your optimization thread.

Regardless settings page won't load anymore and its stuck on that error message.

 

[nodle]

Yeah turned it back off after reading your optimization thread.

Regardless settings page won't load anymore and its stuck on that error message.

Looks like the same message I got here?

Post in thread '[DigitalPoint] App for Cloudflare®'

Tuesday at 11:03 AM

I wanted to try this add-on again but I am getting this error under Cloudflare>Settings tab only:

ErrorException: [E_WARNING] Trying to access array offset on false in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 1143
XF::handlePhpError() in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 1143
DigitalPoint\Cloudflare\Repository\CloudflareAbstract->getZoneSettings() in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 837
DigitalPoint\Cloudflare\Repository\CloudflareAbstract->organizeSettings() in...

• nodle

 

[Matt C.]

Looks like the same message I got here?

Post in thread '[DigitalPoint] App for Cloudflare®'

Tuesday at 11:03 AM

I wanted to try this add-on again but I am getting this error under Cloudflare>Settings tab only:

ErrorException: [E_WARNING] Trying to access array offset on false in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 1143
XF::handlePhpError() in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 1143
DigitalPoint\Cloudflare\Repository\CloudflareAbstract->getZoneSettings() in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 837
DigitalPoint\Cloudflare\Repository\CloudflareAbstract->organizeSettings() in...

• nodle

Slightly different:

ErrorException: [E_WARNING] Trying to access array offset on value of type bool in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 1143

2. XF::handlePhpError() in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 1143
4. DigitalPoint\Cloudflare\Repository\CloudflareAbstract->getZoneSettings() in src/addons/DigitalPoint/Cloudflare/Repository/Cloudflare.php at line 837
6. DigitalPoint\Cloudflare\Repository\CloudflareAbstract->organizeSettings() in src/addons/DigitalPoint/Cloudflare/Admin/Controller/Cloudflare.php at line 50
8. DigitalPoint\Cloudflare\Admin\Controller\Cloudflare->actionIndex() in src/XF/Mvc/Dispatcher.php at line 362
10. XF\Mvc\Dispatcher->dispatchClass() in src/XF/Mvc/Dispatcher.php at line 264
12. XF\Mvc\Dispatcher->dispatchFromMatch() in src/XF/Mvc/Dispatcher.php at line 121
14. XF\Mvc\Dispatcher->dispatchLoop() in src/XF/Mvc/Dispatcher.php at line 63
16. XF\Mvc\Dispatcher->run() in src/XF/App.php at line 2824
18. XF\App->run() in src/XF.php at line 806
20. XF::runApp() in admin.php at line 15

 

[digitalpoint]

Yeah turned it back off after reading your optimization thread.

Regardless settings page won't load anymore and its stuck on that error message.

Did it work itself out? Specifically, if you are changing a ton of settings fairly quickly, you could end up being rate limited. The Cloudflare API allows 1200 API requests per 5 minute window. It takes approximately 20 API calls to build the page and about the same number whenever you change a setting. So for example flipping a single toggle from off to on and back off would take about 60 API requests. Basically if in a 5 minute window you change settings about 60 times, you'd hit that rate limit.

And as I mentioned (but in case you didn't catch it) toggling a single setting back and forth will use a ton of API calls (about 20 every time you click it).

Additionally, it's cumulative, meaning if you are also flipping around the Cloudflare dashboard, that's using your API requests as well (you would start getting errors on the Cloudflare dashboard as well until your rate limiting reset).

Rate limits

Some specific API calls have their own limits and are documented separately, such as the following:

developers.cloudflare.com

 

[Matt C.]

Did it work itself out?

No, it didn't. I've been trying to remember specifically what I hit to cause the error. I'm gonna give it some time and see if it loads in an hour.

 

[digitalpoint]

No, it didn't. I've been trying to remember specifically what I hit to cause the error. I'm gonna give it some time and see if it loads in an hour.

There shouldn't be any setting you can set that would block yourself from the API... Your server is communicating with the Cloudflare API, not itself, so...

 

[Matt C.]

There shouldn't be any setting you can set that would block yourself from the API... Your server is communicating with the Cloudflare API, not itself, so...

Well it's been working until I went messing with Cloudflare. Haven't made any changes to my server.

 

[digitalpoint]

Well like I said, there's nothing you can configure in Cloudflare to block your outbound network access to api.cloudflare.com (what is happening underneath it all), even if you wanted to. So it's not a Cloudflare setting you set.

Maybe double check your API token... like did you put any restrictions on your API token? Like only certain zones, certain IPs or allowed to be used on certain dates? Unless you have a very specific reason (that only you know), those should all be blank on your API token setup.

 

[Matt C.]

There shouldn't be any setting you can set that would block yourself from the API... Your server is communicating with the Cloudflare API, not itself, so...

Okay I ended completely removing my domain from Cloudflare, re-adding it and re-doing my API tokens, and got it to work.

Changing TLS 1.3 from "zero round trip" to "on" caused the error.

 

[digitalpoint]

Okay I ended completely removing my domain from Cloudflare, re-adding it and re-doing my API tokens, and got it to work.

Changing TLS 1.3 from "zero round trip" to "on" caused the error.

View attachment 324895

If that's really the case, only Cloudflare could resolve that... but I highly doubt it.

You are talking about a setting that would affect browsers accessing your site. There's no setting you can set that would affect your server's ability to access api.cloudflare.com (you also can't reconfigure how that hostname works or is setup... it's Cloudflare's, not yours).

Maybe Cloudflare is having some sort of issue with new API tokens somehow (for example maybe the rate limiting isn't resetting on them). You would see new tokens work for awhile, and then not. And if that was only affecting new tokens with old tokens still working, maybe that's why you see it and not me (or others). 100% just a wild "what if" thought... no idea if that's going on. But whatever it is seems like your token is being blocked from being used after awhile.

 

[digitalpoint]

@Matt C. if you have shell access to your server, here's a basic cURL request that will simply test if your API token is valid:

curl https://api.cloudflare.com/client/v4/user/tokens/verify -H 'Authorization: Bearer YOUR-API-TOKEN-HERE'

If you run that, what do you get?

 

[Matt C.]

This is what I get:

[xxx@yyy~]$ curl https://api.cloudflare.com/client/v4/user/tokens/verify -H 'Authorization: Bearer API-XYZ'
{"result":{"id":"XYZ","status":"active"},"success":true,"errors":[],"messages":[{"code":10000,"message":"This API Tokenis valid and active","type":null}]}

 

[digitalpoint]

This is what I get:

Is that from the same server that your site is running on?

 

[Matt C.]

Is that from the same server that your site is running on?

Yes.

 

[digitalpoint]

Yes.

Assuming the settings page still is giving you an error, but you are able to verify the token with that curl command at the same time, the only other thing I can think of would be if certain individual API calls were having an issue. Maybe double/triple check your API token permissions? Maybe one of the permissions it needs was removed or edited. You need exactly these permissions:



Anything missing or anything with the wrong permission (like Read instead of Edit) will be problems.