digitalpoint
Well-known member
Right... like I said... not worth it. Honestly I'd rethink the plan of trying to whitelist all users/IPs, etc... that becomes an impossible task real quick. Imagine if Facebook was trying to setup whitelists for it's users trying to access facebook.com Just not realistic even if it was easily configurable (the overhead of checking a whitelist containing millions of entries for every HTTP request becomes a resource impossibility).Yeah, try that on a big board with hundreds of thousands of members.
CloudFlare is pretty good at blocking DDoS attacks even if you set the Security Level to "Essentially Off". You'd be better off using the CloudFlare API to switch it to something else based on the load your servers were experiencing. No one wants to get challenge responses... are you actually having issues where you need the challenge response system on for your users?Both XF and CF have an API so maybe a solution can be built. I know that when I was using Stackpath they were able to fetch the XF cookie to get the userID.
CF blocking legitimate XF members is the most common reason I hear why XF webmasters do not want to use CF.