[DigitalPoint] Cloudflare

[DigitalPoint] Cloudflare 1.2.2.1

No permission to download

AzzidReign

Well-known member
I downloaded a backup, it downloaded as "admin.php" with 0kb of data and 0 lines of data. Is there something that needs to be done specifically to be able to download aside from clicking download?

Also, any advice on a cf rule - I have users with massive tutorial threads and they always need me to update them bc the firewall always gets triggered, having them confirm they are human, but once confirmed, the page gets all screwed up and they aren't able to edit their thread. I'm not good at figuring these things out so if you have any advice, I'd kindly appreciate it.
 

digitalpoint

Well-known member
I downloaded a backup, it downloaded as "admin.php" with 0kb of data and 0 lines of data. Is there something that needs to be done specifically to be able to download aside from clicking download?
No, that's it. If you are getting what you are seeing, my guess is that something is intercepting the request upstream (maybe Cloudflare itself if it's trying to verify you are a human for example).

Also, any advice on a cf rule - I have users with massive tutorial threads and they always need me to update them bc the firewall always gets triggered, having them confirm they are human, but once confirmed, the page gets all screwed up and they aren't able to edit their thread. I'm not good at figuring these things out so if you have any advice, I'd kindly appreciate it.
It'd check the Security Level for your Cloudflare zone... if you have the security level higher than is necessary, you'd see both of those things (real humans needing to verify they are human and things like downloads not working because there's something the user needs to do to verify they are human, but the user never sees it).

Your best option with the zone's Security Level is to set it to the lowest option, and then raise it as needed (if you need it). Working the other way around (setting it higher than necessary) will cause unnecessary problems. As an example, all my sites are set to Essentially off, except when there's an active attack happening, then it's raised as necessary temporarily.
 

AzzidReign

Well-known member
No, that's it. If you are getting what you are seeing, my guess is that something is intercepting the request upstream (maybe Cloudflare itself if it's trying to verify you are a human for example).
I'm whitelisted as well as our server so it's weird if it's trying to verify my downloading it. :/
It'd check the Security Level for your Cloudflare zone... if you have the security level higher than is necessary, you'd see both of those things (real humans needing to verify they are human and things like downloads not working because there's something the user needs to do to verify they are human, but the user never sees it).

Your best option with the zone's Security Level is to set it to the lowest option, and then raise it as needed (if you need it). Working the other way around (setting it higher than necessary) will cause unnecessary problems. As an example, all my sites are set to Essentially off, except when there's an active attack happening, then it's raised as necessary temporarily.
Ok, I have mine set to low. I've tried setting up a page rule with:

And set everything I could find for security measures to off, including security and browser integrity checks and still get an error. And it's only on a thread that's extremely large like this one:

Any other thread of normal size doesn't get the error.

As I typed this up and tested a bunch of stuff, I set the security to "essentially off" and still getting complaints. Unless it takes a while to update, I have 2 people (moderators) who've confirmed they still can't edit the large threads.

This is what they are seeing.

e1aff1a19960b907fbc74c4ee7db83f4.png
 

digitalpoint

Well-known member
Ya that’s a Cloudflare security issue from the page source. Why it’s getting triggered, I’m not sure though. I’d go through everything. You can override security with Page Rules for example (maybe something is setting it high on a per request basis?)
 

AzzidReign

Well-known member
Ya that’s a Cloudflare security issue from the page source. Why it’s getting triggered, I’m not sure though. I’d go through everything. You can override security with Page Rules for example (maybe something is setting it high on a per request basis?)
Thanks for the insight. I'll take a look around.
 

WoodiE

Well-known member
@digitalpoint it's been said some day XF is going to include Cloudflare Turnstile support, but any chance you'll be rolling your version out with this plugin?
 

nodle

Well-known member
@AzzidReign I don't know if you got this fixed or not, but check under security and see if you have 'Browser Integrity Check' enabled, I think it can produce some of the things I am seeing above in your photo.

What is Browser Integrity Check?​

Browser Integrity Check looks for requests with HTTP headers commonly used by spammers, bots, and crawlers such as requests with a missing or non-standard user agent. If a threat is found, Cloudflare will present a block page.

Note: Browser Integrity Check may affect some actions on your domain. For example, it may block access to your API. You can selectively enable or disable this feature for any part of your domain using page rules.
 

digitalpoint

Well-known member
@digitalpoint it's been said some day XF is going to include Cloudflare Turnstile support, but any chance you'll be rolling your version out with this plugin?
Probably not to be honest. I have it working on my end, but I’m waiting for next version of XenForo that has Turnstile built in so I can figure out what I need to remove from my addon before I release it (I’m going to support some stuff that won’t be in the default XF implementation like using the API to set up the Turnstile site in Cloudflare).

Doesn’t really make sense to release it now knowing that any day XenForo’s implementation is coming out. Then I have to write updater code to switch users from my implementation to XenForo’s. I’d rather keep it simple. 😀
 

WoodiE

Well-known member
Probably not to be honest. I have it working on my end, but I’m waiting for next version of XenForo that has Turnstile built in so I can figure out what I need to remove from my addon before I release it (I’m going to support some stuff that won’t be in the default XF implementation like using the API to set up the Turnstile site in Cloudflare).

Doesn’t really make sense to release it now knowing that any day XenForo’s implementation is coming out. Then I have to write updater code to switch users from my implementation to XenForo’s. I’d rather keep it simple. 😀
Understood and it makes sense on your part for sure. I just don't have the same feeling of "any day" ;)
 
Top