Announcement

Collapse
No announcement yet.

Cloudflare / vBulletin integration

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cloudflare / vBulletin integration

    I'm currently hosted with Rackspace Cloud Sites and, recently, the number of compute cycles my site uses was increasingly dramatically, and with it my hosting bills.

    It was detected that I was getting hammered from China and one solution put to me was to consider using Cloudflare. I checked it out and have given it a go.

    The positives are that it has dramatically reduced my hosting bill and sped up the site as well due to the CDN aspects of Cloudflare.

    The negatives are that all users are now presented to the site with a Cloudflare IP address. This could make it problematic to identify malicious users, such as those previously banned, but the bigger issue is that it seems to trigger built-in vBulletin protection for when it thinks someone is attempting to compromise other user account(s). As such, when triggered, all users appear to be the same to vBulletin due to their IP address and all those trying to login get rejected due to 5 failures and told to wait 15 minutes. When this happens, it seems to become a bit of a vicious circle as they repeatedly try to get in.

    Has anyone else implemented Cloudflare and are there any solutions available to stop users being locked out in this way, preferably by vBulletin being able to know the real source IP address of each user, as is the case if Cloudflare is not implemented?

    Thanks for any help!

  • #2
    Add the Cloudfare IP to your config.php in the proxy section at the bottom.
    Gentoo Geek

    Comment


    • #3
      In later versions of VB 4.x snakes is right on, there is a proxy setting near the bottom of config.php - the section begins with: /* #### Reverse Proxy IP ####

      If you are on an older VB 4 version then Paul M has a mod on vBulletin.org- http://www.vbulletin.org/forum/showthread.php?t=231873
      But remember we do not support 3rd party mods.

      Comment


      • #4
        The problem with cloudflare, is that you need to enter a few hundred thousand ip addresses.

        Comment


        • #5
          Originally posted by Bozza View Post
          The negatives are that all users are now presented to the site with a Cloudflare IP address.
          Then something isn't right. I've had very busy forums on CloudFlare and I'm not sure a single members has ever asked why they got a challenge from CloudFlare. Do you have the Security settings set too high? I go with essentially off because it's not worth confusing or losing potential new members in order to block spam bots. CSF is my main defense against China, not CloudFlare. Make sure your settings in CloudFlare are all very conservative at first (especially Security) and then ease up from there if you feel you need to. Going higher than Low is redundant IMO because then you're just going to start inconveniencing real users.

          I wish China were disconnect from our internet and just had their own. Same for Vietnam, Russia, Nigeria, etc.

          Comment


          • #6
            Originally posted by diecastfast View Post
            Originally posted by Bozza View Post
            The negatives are that all users are now presented to the site with a Cloudflare IP address.
            Then something isn't right. I've had very busy forums on CloudFlare and I'm not sure a single members has ever asked why they got a challenge from CloudFlare. Do you have the Security settings set too high? I go with essentially off because it's not worth confusing or losing potential new members in order to block spam bots. CSF is my main defense against China, not CloudFlare. Make sure your settings in CloudFlare are all very conservative at first (especially Security) and then ease up from there if you feel you need to. Going higher than Low is redundant IMO because then you're just going to start inconveniencing real users.

            I wish China were disconnect from our internet and just had their own. Same for Vietnam, Russia, Nigeria, etc.
            Sorry, it's not a challenge from CloudFlare, but a rejection from vB itself (5 consecutive login failures, try again in 15 minutes). My theory is that as there is a lot of commonality in the IP addresses that users now present to vBulletin that if there are a few failures from genuinely different people, vB thinks they are all the same so starts blocking defensively.

            I'll try the reverse proxy stuff suggested (I'd have done it by now but, bizarrely, I've found I have a 3.8 config.php running alongside my vB 4.2).

            Comment


            • #7
              Did you install mod_cloudflare?

              I recently migrated a pretty busy 3.8 site to my server from a VPS. Resources are 4x what the VPS had but I immediately started getting widespread reports of major latency and access issues. For me and most others, there seemed to be no issues, leading me to believe that it was network related and that CloudFlare's DNS (not to mention CDN) could offer improvements. Well, I'm highly impressed with initial results. I thought to run a GTMetrix test before I switched to CloudFlare nameserver only 75 minutes ago. I highly doubt the CDN, caching and optimizations are even functioning yet but I went from an initial test score of D (64%) with load times of 10.71 seconds to a score of B (84%) with a load time of 4.25 seconds!

              Monday's are always the busiest day on this site and I'm looking forward to testing again after CloudFlare has had some time to crawl around and cache. I'll report back.
              Last edited by diecastfast; Mon 10th Jun '13, 12:39am.

              Comment


              • #8
                Originally posted by Bozza View Post
                Originally posted by diecastfast View Post
                Originally posted by Bozza View Post
                The negatives are that all users are now presented to the site with a Cloudflare IP address.
                Then something isn't right. I've had very busy forums on CloudFlare and I'm not sure a single members has ever asked why they got a challenge from CloudFlare. Do you have the Security settings set too high? I go with essentially off because it's not worth confusing or losing potential new members in order to block spam bots. CSF is my main defense against China, not CloudFlare. Make sure your settings in CloudFlare are all very conservative at first (especially Security) and then ease up from there if you feel you need to. Going higher than Low is redundant IMO because then you're just going to start inconveniencing real users.

                I wish China were disconnect from our internet and just had their own. Same for Vietnam, Russia, Nigeria, etc.
                Sorry, it's not a challenge from CloudFlare, but a rejection from vB itself (5 consecutive login failures, try again in 15 minutes). My theory is that as there is a lot of commonality in the IP addresses that users now present to vBulletin that if there are a few failures from genuinely different people, vB thinks they are all the same so starts blocking defensively.

                I'll try the reverse proxy stuff suggested (I'd have done it by now but, bizarrely, I've found I have a 3.8 config.php running alongside my vB 4.2).
                If you uupgraded from Vb 3.8 to VB 4.x you may still have your original 3.8 config.php file. All you need to do is grab a copy of config.php.new from the original VB 4.2.x install package and update it with all the info from the 3.8 config.php file, then upload it as the new config.php. (Obviously keep a backup of the old file just in case of any mistakes.)

                Comment


                • #9
                  BTW, since I found this thread by searching for "vBulletin Cloudflare integration" I thought it might help others to also consider Google Page Speed. I applied last night for an invitation and got it this afternoon. Unfortunately, I didn't have the time to wait as I had some serious DNS issues that Cloudflare resolved immediately. But I would recommend that others consider Google Page Speed. It receives some respect in comparisons with Cloudflare, though not quite as easy to configure.

                  Comment


                  • #10
                    Wow, what a convoluted way to embed images. Anyway, here is a link to GTMetrix test results before-and-after integrating CloudFlare on my 3.8.7 site.

                    http://imgur.com/AcrnT5X

                    Comment


                    • #11
                      Originally posted by Zachery View Post
                      The problem with cloudflare, is that you need to enter a few hundred thousand ip addresses.
                      sorry to bump this but is this still relevant, you still do not support cidr format? :|

                      Comment


                      • #12
                        Originally posted by Cobra SA View Post

                        sorry to bump this but is this still relevant, you still do not support cidr format? :|
                        vBulletin 4 is not the current product and receives no active development outside of php compatibility updates, so no.
                        MARK.B | vBULLETIN SUPPORT

                        TalkNewsUK - My vBulletin 5.5.6 Demo
                        AdminAmmo - My Cloud Demo

                        Comment


                        • #13
                          Originally posted by Mark.B View Post

                          vBulletin 4 is not the current product and receives no active development outside of php compatibility updates, so no.
                          What would the the consequences on the performance if my config file has these hundreds thousands IP :|
                          if the server has to check through hundreds thousands IPs each time one user do anything, I assume there will be some kind of consequence?

                          Comment


                          • #14
                            Originally posted by Cobra SA View Post

                            What would the the consequences on the performance if my config file has these hundreds thousands IP :|
                            if the server has to check through hundreds thousands IPs each time one user do anything, I assume there will be some kind of consequence?
                            It's not something we would recommend or support.

                            The short answer is, don't use Cloudflare. It causes endless problems with vBulletin, just search here, vbulletin.org and pretty much anywhere else.
                            MARK.B | vBULLETIN SUPPORT

                            TalkNewsUK - My vBulletin 5.5.6 Demo
                            AdminAmmo - My Cloud Demo

                            Comment


                            • #15
                              It will never support CIDR.
                              However, 4.2.3 onwards does support a trailing wildcard in the reverse proxy set-up.
                              e.g. you can specify '192.168.*' or '10.*' - you can also specify 'all', which speaks for itself.
                              Baby, I was born this way

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X