Features
Everything is available from within XenForo (you do not need to go to Cloudflare for things) via the Cloudflare API. This allows you give admins permission to do certain things (for example block IP addresses within Cloudflare without giving them access to your Cloudflare account).
It simplifies/automates much of the configuration and usage of Cloudflare with XenForo.
- Manage all Cloudflare settings/options for your zone.
- Ability to purge Cloudflare cache.
- Cloudflare Firewall support
- You can automatically create firewall filters to block access to XenForo internal directories that are not intended to be accessed via web browser (internal_data and src). You can also delete any firewall filter.
- Create/delete Firewall user agent rules.
- Create/delete Firewall IP address rules. Includes the ability to optionally expire the rule in the future (for example maybe you want to block a class C for 7 days, or you want to force a challenge to a specific IP for 30 days).
- Manage country-level traffic blocking (includes Tor exit nodes).
- Ability to force challenge on the registration and contact forms (helps mitigate automated spam).
- Cloudflare Access support
- You can automatically create Access policies to allow only admins the ability to access the install and admin.php URLs. You can also delete any existing Access policy.
- Cloudflare Page Rules support
- You can view and delete any Page Rules on your zone.
- Cloudflare Cache Rules support
- You can automatically create a Page Rule that will instruct Cloudflare to cache XenForo CSS files (normally they are not cached because Cloudflare caches based on file extension, and XenForo's CSS system has .php extension).
- You can automatically create a Page Rule that will instruct Cloudflare to cache images served through XenForo's image proxy (similar to XenForo's CSS, Cloudflare normally does not cache them because the image proxy uses .php extension).
- Cloudflare Turnstile support (requires XF 2.2.12+)
- You can automatically configure/create Turnstile site via API.
- Gives direct links to Turnstile Settings and Analytics within Cloudflare account.
- Use Cloudflare Workers as proxy to hide your server's origin IP address for certain XenForo functions:
- Image proxy
- Unfurl
- Support for Cloudflare R2 (object storage) to store things like avatars and attachments in the cloud.
- Support for caching HTML pages for guests at the network edge (in Cloudflare data centers).
- Supports both Global API key and API tokens. API tokens allow the minimum required permissions and can span multiple zones (you could use the same API token across multiple XenForo installations/domains without giving any unnecessary permissions).
- Moderators that have the ability to spam clean and view user's IPs get an extra option in the spam cleaner where they can temporarily ban the IP address(es) the spammer used in the last 30 days. The number of days to ban is an option you can set in the admin area (it defaults to 7 days).
- Ability to backup and restore certain Cloudflare configuration (Access Apps, Firewall Rules, Firewall IP Access Rules, Firewall User Agent Blocking, Page Rules).
- You can restore backups to a different zone (for example if you had extensive configuration for a zone, you could give another zone the same configuration through a backup restore).
- Restoring a backup does not delete existing configurations (you are able to merge configuration into an existing config).
- Cloudflare configuration is protected by a new admin permission, Manage Cloudflare.