phpBB and Cloudflare

Discussion of non-phpBB related topics with other phpBB.com users.
Forum rules
General Discussion is a bonus forum for discussion of non-phpBB related topics with other phpBB.com users. All site rules apply.
alegsa
Registered User
Posts: 2
Joined: Thu May 20, 2010 8:35 pm

phpBB and Cloudflare

Post by alegsa »

Hello!! sorry my English.

This is my website access log to my phpbb forum:
cloudflare.png
A lot of accesses to the same webpages but with different IPs of cloudflare (and different sid parameter)
I don’t know what to do with this!! I have thousands and thousands of unnecessary hits.

Thank you

sakm
Registered User
Posts: 612
Joined: Sun Jan 21, 2007 8:14 pm
Location: Hull, uk
Name: Stu
Contact:

Re: phpBB and Cloudflare

Post by sakm »

its probably a bot of some sort

alegsa
Registered User
Posts: 2
Joined: Thu May 20, 2010 8:35 pm

Re: phpBB and Cloudflare

Post by alegsa »

No, those IPs are from Cloudflare proxy bot.

The solution: use cloudflare Apache module if you don't have remoteip module (old apache webserver).

My solution: I have remoteip module, so you have to configure "remoteip" module.

CENTOS 7:

nano /etc/httpd/conf.d/remoteip.conf

add this:
RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/12
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32

and restart apache.

source: https://support.cloudflare.com/hc/en-us ... 0029696071

User avatar
janus_zonstraal
Registered User
Posts: 4515
Joined: Sat Aug 30, 2014 1:30 pm

Re: phpBB and Cloudflare

Post by janus_zonstraal »

Sorry! My English is bat ;) !!!

User avatar
John connor
Registered User
Posts: 2528
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: phpBB and Cloudflare

Post by John connor »

The proper Apache module you need is called mod_cloudflare. You run a serious security risk running an outdated SAPI like you indicate.

Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 26132
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: phpBB and Cloudflare

Post by Paul »

John connor wrote:
Thu Apr 23, 2020 2:30 am
The proper Apache module you need is called mod_cloudflare. You run a serious security risk running an outdated SAPI like you indicate.
That compeltly depends which OS you are using, as Cloudflare doesn't provide support for mod_Cloudflare anymore on Debian/Ubuntu.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

User avatar
John connor
Registered User
Posts: 2528
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: phpBB and Cloudflare

Post by John connor »

Actually, it looks like mod_cloudflare is now phased out in replace of mod_remoteip. This is new on me as was their Hcaptcha change.

User avatar
WelshPaul
Registered User
Posts: 382
Joined: Tue Aug 19, 2014 2:09 pm

Re: phpBB and Cloudflare

Post by WelshPaul »

I forgot that mod_cloudflare was being depreciated and so I have only just removed it and setup mod_remoteip. If using Centos the setup is a little different so put the following in a file named remoteip.conf and place if in the /etc/https/conf.d directory.

Code: Select all

RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/12
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32
Don't forget to modify %h to %a in the following lines too.

Code: Select all

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

User avatar
WelshPaul
Registered User
Posts: 382
Joined: Tue Aug 19, 2014 2:09 pm

Re: phpBB and Cloudflare

Post by WelshPaul »

alegsa wrote:
Tue Apr 21, 2020 7:40 pm
CENTOS 7:

nano /etc/httpd/conf.d/remoteip.conf

add this:
RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 104.16.0.0/12
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32

and restart apache.

source: https://support.cloudflare.com/hc/en-us ... 0029696071
That won't work on Centos 7!

User avatar
John connor
Registered User
Posts: 2528
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: phpBB and Cloudflare

Post by John connor »

WelshPaul wrote:
Sat Apr 25, 2020 12:20 pm
Don't forget to modify %h to %a in the following lines too.

Code: Select all

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
I read that at the CloudFlare article, but now that verbiage disappeared like magician's flash paper for some reason and the Wayback Machine doesn't have an archive of it. Or am I not seeing some link I need to click on to see this configuration directive change? I could have sworn that it was all right there.

User avatar
WelshPaul
Registered User
Posts: 382
Joined: Tue Aug 19, 2014 2:09 pm

Re: phpBB and Cloudflare

Post by WelshPaul »

John connor wrote:
Sun Apr 26, 2020 2:28 am
WelshPaul wrote:
Sat Apr 25, 2020 12:20 pm
Don't forget to modify %h to %a in the following lines too.

Code: Select all

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
I read that at the CloudFlare article, but now that verbiage disappeared like magician's flash paper for some reason and the Wayback Machine doesn't have an archive of it. Or am I not seeing some link I need to click on to see this configuration directive change? I could have sworn that it was all right there.
The link is in the post quote above yours.
3. Update combined LogFormat entry in apache.conf, replacing %h with %a in /etc/apache2/apache2.conf. For example, if your current LogFormat appeared as follows:

User avatar
John connor
Registered User
Posts: 2528
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: phpBB and Cloudflare

Post by John connor »


sakm
Registered User
Posts: 612
Joined: Sun Jan 21, 2007 8:14 pm
Location: Hull, uk
Name: Stu
Contact:

Re: phpBB and Cloudflare

Post by sakm »

John connor wrote:
Mon Apr 27, 2020 1:37 am
Ah, here it is. https://support.cloudflare.com/hc/en-us ... 0029696071
Just wondering, Why would you want to do that instead of using this extension?
https://www.phpbb.com/customise/db/exte ... masked_ip/

User avatar
Mick
Support Team Member
Support Team Member
Posts: 22431
Joined: Fri Aug 29, 2008 9:49 am
Location: Cardiff

Re: phpBB and Cloudflare

Post by Mick »

Did the OP ask this support question at Cloudflare first? If so I wonder what their answer was.
"The more connected we get the more alone we become" - Kyle Broflovski©

User avatar
WelshPaul
Registered User
Posts: 382
Joined: Tue Aug 19, 2014 2:09 pm

Re: phpBB and Cloudflare

Post by WelshPaul »

John connor wrote:
Mon Apr 27, 2020 1:37 am
Ah, here it is. https://support.cloudflare.com/hc/en-us ... 0029696071
Yea like I said, that link has been posted twice in this topic already lol
sakm wrote:
Mon Apr 27, 2020 7:36 am
John connor wrote:
Mon Apr 27, 2020 1:37 am
Ah, here it is. https://support.cloudflare.com/hc/en-us ... 0029696071
Just wondering, Why would you want to do that instead of using this extension?
https://www.phpbb.com/customise/db/exte ... masked_ip/
Because that extension only shows the original IP of the visitor within phpBB. So if I was to install that extension and check my server logs I would still see cloudflare IP's and not the original IP of the visitor. Implement it at a server level and you see the original IP of each visitor everywhere and not just just within phpBB.

Post Reply

Return to “General Discussion”