XF2 Addons [DigitalPoint] App for Cloudflare® 1.6.4

Configure and manage Cloudflare from within XenForo.

• Guest page caching will work properly when a page immediately fires an AJAX request
• Don't try to purge Cloudflare's cache when using guest page caching and an orphaned post is being deleted (when a post is assigned to a thread that doesn't exist)
• Don't include all Zero Trust Access rules in backup (only include rules for your zone/domain)
• Cache Rules included in backup/restore process

• Removed repository dependency within R2 adapter
• When checking if a file exists on R2, only fall back to checking if it's a "directory" if there's no file extension in the path (less class A operations)

• Fixed issue where the function to add public subdomain and Cache Rule to an existing R2 bucket wouldn't work
• Removed dependency on third-party library to get list of countries for firewall blocking
• Changed how guest page caching updates tokens in GET request URLs
• Only cache guest pages if the visitor is using the default language and style

• More tuning of logic for when to do guest page caching
• Made change so other addons that are also extending the filesystem mount class are able to do so with backward compatibility
• Fixed cosmetic issue with overflow of R2 logs in overlay window
• Prevent users from using the same bucket for public and private areas (prevent users from exposing internal-data as a public bucket)
• Added note about style, language and advanced cookie consent in XF 2.2.12+ to known limitations for guest page caching

IMPORTANT for existing users: The new R2 functions and control of new settings require some new permissions for the API Token you use. You can go to your Cloudflare API Tokens, edit the token you have and add the following permissions:

• Account.Account Analytics: Read
• Account.Workers R2 Storage: Edit
• Zone.Bot Management: Edit
• Zone.Cache Rules: Edit

You should have a total of 14 permissions for your API token at this point. If you don't have 14, you can check what you should have under XF Admin -> Options -> External service providers -> Cloudflare authentication

General

• Fixed issue with compatibility with old versions of PHP.
• Requires PHP 7.0 or higher (just getting too annoying/difficult to maintain backward compatibility with very old versions of PHP on old versions of XenForo).
• New Cloudflare setting: Network error logging
• Bot Fight Mode, Automatic Signed Exchanges (SXGs) & AMP Real URL settings can be used with API tokens now (before you had to use Global API keys to access those settings).
• Added note about changing Worker subdomain.
• New option for country blocking allows blocking to apply to entire site or just registration.
• Make it so XenForo's FsMount class can disable asserts on a per-adapter basis (makes filesystem faster and cuts R2 API calls in half because we don't need to explicitly check if an object exists before we try to get it).
• Changed verbiage reflect Cloudflare's change of "firewall filter rules" to simply "firewall rules".
• Cloudflare API calls that return a server error code (5xx) will transparently retry once before giving up.

R2 (object storage)

• R2 support (yay!)
• R2 requires use of an API token (can't use Global API key, no way around that).
• Internally caching Cloudflare account ID, so we don't need to make API call to get it over and over (account ID normally never changes).
• Internally caching API token ID (required for R2 usage).
• New CLI command to migrate data between two different abstracted filesystems: php cmd.php dp:migrate-data [--new-to-old] [--processes=PROCESSES] [--start-at-path=START-AT-PATH] [--location=LOCATION] [--path=PATH]
• Can see R2 storage/usage for Cloudflare account as a whole (in footer of R2 admin area).
• Can see recent R2 logs (for individual buckets as well as Cloudflare account-level).

What is R2? R2 is a cloud object storage system. This add-on allows you to store things like avatars and attachments in the cloud rather than your server. The cost to use R2 is extremely reasonable... the first 10GB of storage is free, each GB after 10GB is $0.015 per month. For example, if you had 100GB of attachments and avatars you wanted to store in R2, the cost would would be $1.35 per month.

I've built a CLI tool to migrate data from one file system to another (for example you could go from local storage to R2 with it), however it needs to work within the limitations of XenForo and Flysystem. Which means, if you need to move more than a few GB worth of files, you are going to be better off using a free utility like rclone to do it.

Minor update...

• Give human-readable error when the domain/zone does not exist on Cloudflare account when trying to work with it.

• Support for new Cloudflare setting: Network -> HTTP/2 to Origin
• Fixed an issue where the Cloudflare Worker for unfurl proxying would not have it's route enabled

Not particularly keen on putting out a followup release so quick, however there is an issue where the Cloudflare Worker for unfurl proxying would not have it's route enabled (and wouldn't work since there was no route).

If you've already enabled the unfurl proxy, all you need to do to enable the route on Cloudflare's side is simple look at the proxy options page at admin.php?cloudflare/proxy. The act of viewing that page does a sanity check for the Workers to make sure they have a valid route, and if one doesn't, it enables the default route.

The option to Force registration challenge added in version 1.1.1 has been extended to optionally apply to the contact form as well. If you already created the managed challenge for registrations you can click the option again to toggle on/off the contact form option (it will update the existing rule).

Using Cloudflare Workers as an image proxy was added in version 1.1.0. Now you can also use Cloudflare Workers as an unfurl proxy to further hide the origin server's IP address.

• New User registration option: Registration form is an overlay
• Added ability to auto-configure Cloudflare firewall filter rule to force new registrations to go through managed challenge (helps mitigate automated spam registrations)
• Adds 24 solve rate metrics for firewall filter rules (needs new "Zone.Analytics: Read" permission)

IMPORTANT for existing users: The new solve rate metric requires a new permission for the API Token you use. You can go to your Cloudflare API Tokens, edit the token you have and add the Zone.Analytics: Read permission.

• Ability to use a Cloudflare Worker as a backend image proxy to hide the origin server's IP address when XenForo's image proxy fetches the image
• Some minor cosmetic tweaks to Cloudflare lists of things in admin area

IMPORTANT for existing users: The setup of the Cloudflare Workers image proxy system requires a new permission for the API Token you use, you can go to your Cloudflare API Tokens, edit the token you have and add the Account.Workers Scripts: Edit permission.

This gives you an easy/fast/reliable/free way to hide your server's origin IP from someone trying to get it for malicious purposes.