What is Cloudflare ? How does it help webmasters ?

Not sure CloudFlare's IPs really change. Imagine it would be a support nightmare for them if they tried to change/add IPs. :)

Either way, I just checked and my firewall rules I added a long time ago are still valid (no new blocks):

https://www.cloudflare.com/ips

Also, those are very large blocks of IPs... the number of useable IPs you get for each type of subnet bitmask is like so:
  • /22 = 1,022
  • /21 = 2,046
  • /20 = 4,094
  • /18 = 16,382
  • /17 = 32,766
  • /15 = 131,070
  • /13 = 524,286
  • /12 = 1,048,574
That means they have 1,787,876 usable IPs in their already defined IPv4 blocks.

Then another 21,474,836,480 IPv6 addresses they call out on that page. (a /32 subnet mask for IPv6 is 4,294,967,296 IPs).
 
RoldanLT said:
Thanks :)
What about Web Application Firewall and Package: OWASP ModSecurity Core Rule Set?
Click to expand...
I have both disabled. But you shouldn't base your configuration on what other sites are doing. Base it on what *your* site needs. My site's needs a different than other sites. If it was that easy, there wouldn't be configuration options since everyone's best options would be the same. :)
 
digitalpoint said:
I have both disabled. But you shouldn't base your configuration on what other sites are doing. Base it on what *your* site needs. My site's needs a different than other sites. If it was that easy, there wouldn't be configuration options since everyone's best options would be the same. :)
Click to expand...
I'm just asking because maybe that two firewall rules has known conflict with your XenForo site :)
I have it enabled by the way :)
 
Cloudflare = Awesome! and a must have for everyone!
Now 90% of my attachment and external images via image proxy request should be loaded on Cloudflare alone.
 
Saw this on your status @RoldanLT and am intrigued..
I've used this on WP sites, but never on Xenforo.
So I have no idea where to start firstly but most of all, is it worthwhile using on your boards?
If so why?
 
Better Performance, Inbuilt CDN, Enforce Caching, Protection against Layer 7 Type of attack can be mitigated.
 
Start to use CloudFlare. So far I'm satisfied. Using free SSL too, just need to add some code to config.php to show "real" users IP.
 
After trying KeyCDN for serving static content, I've switched to Cloudflare Pro (on a separate cookieless domain) due to it having more POPs - but I wondered how some of you were putting attachments through Cloudflare? Are you guys pushing everything on your main domain through Cloudflare to achieve this?

Cheers,
Shaun :D

Note: I don't use SSL for anything if that matters at all?
 
I have always thought about Cloudflare but I am afraid if it will end up being too expensive for me? For a this site of mine, do you think cloudflare free is enough to begin with? I have a servint vps and at times the site still runs slow. Would CF free help my website speed up? If I have to upgrade CF, how much do you think it will end up costing me? Thanks.
 
I'm really happy with CloudFlare, but there also are significant problems. Mainly because there is a lack of xenforo integration:
  1. There is no CloudFlare Firewall XenForo Rule Set
  2. Rocket Loader breaks XenForo, so we are missing out on an attractive feature.
  3. We cannot whitelist XenForo Users & Usergroups (CloudFlare blocks quite a few valid users because XF trips up CF)
  4. We cannot see which XenForo members are blocked by CloudFlare. So only if members take the effort to contact us off-site we learn that there is a problem.
  5. CloudFlare doesnt account for xenforo avatar strings.
  6. Upgrading XF causes a cloudflare error and interrupts the upgrade.
@damoncloudflare is there any chance of getting these issues addressed?
 
Last edited:
Alfa1 said:
I'm really happy with CloudFlare, but there also are significant problems. Mainly because there is a lack of xenforo integration:
  1. There is no CloudFlare Firewall XenForo Rule Set
  2. Rocket Loader breaks XenForo, so we are missing out on an attractive feature.
  3. We cannot whitelist XenForo Users & Usergroups (CloudFlare blocks quite a few valid users because XF trips up CF)
  4. We cannot see which XenForo members are blocked by CloudFlare. So only if members take the effort to contact us off-site we learn that there is a problem.
  5. CloudFlare doesnt account for xenforo avatar strings.
  6. Upgrading XF causes a cloudflare error and interrupts the upgrade.
@damoncloudflare is there any chance of getting these issues addressed?
Click to expand...

  1. Correct... although you can create your own firewall rule, so really just depends on what you are trying to do exactly with the firewall. Easy enough to block certain things like the admin control panel if that's what you are after. If it's the admin area you are trying to restrict, you might want to look at CloudFlare's "Zone Lockdown" under your Firewall settings. But again, would need to know what you are trying to do exactly.
  2. Rocket Loader probably isn't as great as you are hoping for XenForo. For starters, there's nothing magic about it... it can't somehow make JavaScript load better/faster than a good developer can do on their own. It's really more a "patch" of sorts for poorly designed websites where site owners don't know how (or can't) fix their issues on their own. If you look at XenForo's page source, JavaScript files are already loading at the end of the page, so asyncing them isn't going to do much of anything because they are already the last thing to load (nothing to block at that point). Again, Rocket Loader is intended as a patch for poorly designed frameworks/websites (which XenForo isn't).
  3. Ya... you can't do that. You can whitelist IPs, but that seems like a major headache and way more effort than it's worth.
  4. Also true... you can't know who the users are because CloudFlare is handling the request before it gets to your server to make the determination of what user they are.
  5. If you are talking about caching, it does. Make sure your Caching Level is set to "Standard". An example of your avatar here on this site:
    twin1:~ # curl -I 'https://xenforo.com/community/data/avatars/m/0/63.jpg?1285980246'
    HTTP/1.1 200 OK
    Date: Fri, 18 Jan 2019 18:12:18 GMT
    Content-Type: image/jpeg
    Content-Length: 2663
    Connection: keep-alive
    Set-Cookie: __cfduid=d198cbecec67dc611e6d98f480baee4ff1547835138; expires=Sat, 18-Jan-20 18:12:18 GMT; path=/; domain=.xenforo.com; HttpOnly
    Last-Modified: Sat, 02 Oct 2010 00:44:06 GMT
    ETag: "4ca68056-a67"
    Heartbleed: NO; see http://heartbleedheader.com
    CF-Cache-Status: HIT
    Expires: Fri, 18 Jan 2019 22:12:18 GMT
    Cache-Control: public, max-age=14400
    Accept-Ranges: bytes
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 49b307702d4c2a37-SEA
    Click to expand...
  6. Never have seen that one myself, so can't help with that.
 
digitalpoint said:
really just depends on what you are trying to do exactly with the firewall.
Click to expand...
It would be really nice to see something similar to the Wordpress Rule Set. It has hundreds of rules and does a variety of things: For example it looks for attempts to exploit old vulnerabilities for this software, brute force on the login page/admincp or other suspect behavior. It also exempts from scripts that trigger the WAF.

Joomla/PHPBB OWASP rules currently conflict with XF. If possible it would be cool to have something similar for XF.
digitalpoint said:
Ya... you can't do that. You can whitelist IPs, but that seems like a major headache and way more effort than it's worth.
Click to expand...
Yeah, try that on a big board with hundreds of thousands of members.
digitalpoint said:
Also true... you can't know who the users are because CloudFlare is handling the request before it gets to your server to make the determination of what user they are.
Click to expand...
Both XF and CF have an API so maybe a solution can be built. I know that when I was using Stackpath they were able to fetch the XF cookie to get the userID.
CF blocking legitimate XF members is the most common reason I hear why XF webmasters do not want to use CF.

@eva2000 do you know if there is any movement by CloudFlare on the above issues?
 
Alfa1 said:
@eva2000 do you know if there is any movement by CloudFlare on the above issues?
Click to expand...
Not sure - back in October 2018, i contacted Xenforo folks to see if they want to get my Cloudflare WAF/Firewall dev contact access to a XF license so he can look at dedicated Cloudflare WAF Xenforo rule set and Xenforo told me to tell Cloudflare to contact them via https://xenforo.com/contact/. So whether contact was made or not haven't checked.
 

Similar threads

L
Occasional MySql issue, hits 100% CPU
Replies
7
Views
728
Yoshiro
Yoshiro
S
New site; database growing very fast
Replies
9
Views
813
Davyc
Davyc
C
Improving the 'feel' and access of our forum
2
Replies
37
Views
1K
ChrisArthur7769
C
jayhawku
  • Solved
XF 2.2 How to have main forum on home page?
Replies
2
Views
248
jayhawku
jayhawku
Dashmiel
  • Question Question
MG 2.2 Requested content cannot be loaded
Replies
4
Views
381
Jeremy P
Jeremy P
Top Bottom