Cloudflare / vBulletin integration

  • Bozza
    Member
    • Jul 2003
    • 36

    Cloudflare / vBulletin integration

    I'm currently hosted with Rackspace Cloud Sites and, recently, the number of compute cycles my site uses was increasing dramatically, and with it my hosting bills.

    It was detected that I was getting hammered from China and one solution put to me was to consider using Cloudflare. I checked it out and have given it a go.

    The positives are that it has dramatically reduced my hosting bill and sped up the site as well due to the CDN aspects of Cloudflare.

    The negatives are that all users are now presented to the site with a Cloudflare IP address. This could make it problematic to identify malicious users, such as those previously banned, but the bigger issue is that it seems to trigger built-in vBulletin protection for when it thinks someone is attempting to compromise other user account(s). As such, when triggered, all users appear to be the same to vBulletin due to their IP address and all those trying to login get rejected due to 5 failures and told to wait 15 minutes. When this happens, it seems to become a bit of a vicious circle as they repeatedly try to get in.

    Has anyone else implemented Cloudflare and are there any solutions available to stop users being locked out in this way, preferably by vBulletin being able to know the real source IP address of each user, as is the case if Cloudflare is not implemented?

    Thanks for any help!
  • snakes1100
    Senior Member
    • Aug 2001
    • 1249

    #2
    Add the Cloudflare IP to your config.php in the proxy section at the bottom.
    Gentoo Geek

    • BirdOPrey5
      Senior Member
      • Jul 2008
      • 9613
      • 5.6.3

      #3
      In later versions of VB 4.x snakes is right on, there is a proxy setting near the bottom of config.php - the section begins with: /* #### Reverse Proxy IP ####

      If you are on an older VB 4 version then Paul M has a mod on vBulletin.org- http://www.vbulletin.org/forum/showthread.php?t=231873
      But remember we do not support 3rd party mods.

      • Zachery
        Former vBulletin Support
        • Jul 2002
        • 59097

        #4
        The problem with Cloudflare is that you need to enter a few hundred thousand IP addresses.

        • diecastfast
          Member
          • Nov 2007
          • 62
          • 3.6.x

          #5
          Originally posted by Bozza
          The negatives are that all users are now presented to the site with a Cloudflare IP address.
          Then something isn't right. I've had very busy forums on CloudFlare and I'm not sure a single member has ever asked why they got a challenge from CloudFlare. Do you have the Security settings set too high? I go with essentially off because it's not worth confusing or losing potential new members in order to block spam bots. CSF is my main defense against China, not CloudFlare. Make sure your settings in CloudFlare are all very conservative at first (especially Security) and then ease up from there if you feel you need to. Going higher than Low is redundant IMO because then you're just going to start inconveniencing real users.

          I wish China were disconnected from our internet and just had their own. Same for Vietnam, Russia, Nigeria, etc.

          • Bozza
            Member
            • Jul 2003
            • 36

            #6
            Originally posted by diecastfast
            Originally posted by Bozza
            The negatives are that all users are now presented to the site with a Cloudflare IP address.
            Then something isn't right. I've had very busy forums on CloudFlare and I'm not sure a single member has ever asked why they got a challenge from CloudFlare. Do you have the Security settings set too high? I go with essentially off because it's not worth confusing or losing potential new members in order to block spam bots. CSF is my main defense against China, not CloudFlare. Make sure your settings in CloudFlare are all very conservative at first (especially Security) and then ease up from there if you feel you need to. Going higher than Low is redundant IMO because then you're just going to start inconveniencing real users.

            I wish China were disconnected from our internet and just had their own. Same for Vietnam, Russia, Nigeria, etc.
            Sorry, it's not a challenge from CloudFlare, but a rejection from vB itself (5 consecutive login failures, try again in 15 minutes). My theory is that as there is a lot of commonality in the IP addresses that users now present to vBulletin that if there are a few failures from genuinely different people, vB thinks they are all the same so starts blocking defensively.

            I'll try the reverse proxy stuff suggested (I'd have done it by now but, bizarrely, I've found I have a 3.8 config.php running alongside my vB 4.2).

            • diecastfast
              Member
              • Nov 2007
              • 62
              • 3.6.x

              #7
              Did you install mod_cloudflare?

              I recently migrated a pretty busy 3.8 site to my server from a VPS. Resources are 4x what the VPS had but I immediately started getting widespread reports of major latency and access issues. For me and most others, there seemed to be no issues, leading me to believe that it was network related and that CloudFlare's DNS (not to mention CDN) could offer improvements. Well, I'm highly impressed with initial results. I thought to run a GTMetrix test before I switched to CloudFlare nameserver only 75 minutes ago. I highly doubt the CDN, caching and optimizations are even functioning yet but I went from an initial test score of D (64%) with load times of 10.71 seconds to a score of B (84%) with a load time of 4.25 seconds!

              Mondays are always the busiest day on this site and I'm looking forward to testing again after CloudFlare has had some time to crawl around and cache. I'll report back.
              Last edited by diecastfast; Sun 9 Jun '13, 11:39pm.

              • BirdOPrey5
                Senior Member
                • Jul 2008
                • 9613
                • 5.6.3

                #8
                Originally posted by Bozza
                Originally posted by diecastfast
                Originally posted by Bozza
                The negatives are that all users are now presented to the site with a Cloudflare IP address.
                Then something isn't right. I've had very busy forums on CloudFlare and I'm not sure a single member has ever asked why they got a challenge from CloudFlare. Do you have the Security settings set too high? I go with essentially off because it's not worth confusing or losing potential new members in order to block spam bots. CSF is my main defense against China, not CloudFlare. Make sure your settings in CloudFlare are all very conservative at first (especially Security) and then ease up from there if you feel you need to. Going higher than Low is redundant IMO because then you're just going to start inconveniencing real users.

                I wish China were disconnected from our internet and just had their own. Same for Vietnam, Russia, Nigeria, etc.
                Sorry, it's not a challenge from CloudFlare, but a rejection from vB itself (5 consecutive login failures, try again in 15 minutes). My theory is that as there is a lot of commonality in the IP addresses that users now present to vBulletin that if there are a few failures from genuinely different people, vB thinks they are all the same so starts blocking defensively.

                I'll try the reverse proxy stuff suggested (I'd have done it by now but, bizarrely, I've found I have a 3.8 config.php running alongside my vB 4.2).
                If you upgraded from VB 3.8 to VB 4.x you may still have your original 3.8 config.php file. All you need to do is grab a copy of config.php.new from the original VB 4.2.x install package and update it with all the info from the 3.8 config.php file, then upload it as the new config.php. (Obviously keep a backup of the old file just in case of any mistakes.)

                • diecastfast
                  Member
                  • Nov 2007
                  • 62
                  • 3.6.x

                  #9
                  BTW, since I found this thread by searching for "vBulletin Cloudflare integration" I thought it might help others to also consider Google Page Speed. I applied last night for an invitation and got it this afternoon. Unfortunately, I didn't have the time to wait as I had some serious DNS issues that Cloudflare resolved immediately. But I would recommend that others consider Google Page Speed. It receives some respect in comparisons with Cloudflare, though not quite as easy to configure.

                  • diecastfast
                    Member
                    • Nov 2007
                    • 62
                    • 3.6.x

                    #10
                    Wow, what a convoluted way to embed images. Anyway, here is a link to GTMetrix test results before-and-after integrating CloudFlare on my 3.8.7 site.

                    • Cobra SA
                      Senior Member
                      • May 2007
                      • 203

                      #11
                      Originally posted by Zachery
                      The problem with Cloudflare is that you need to enter a few hundred thousand IP addresses.
                      sorry to bump this but is this still relevant, you still do not support cidr format? :|

                      • Mark.B
                        vBulletin Support
                        • Feb 2004
                        • 24286
                        • 6.0.X

                        #12
                        Originally posted by Cobra SA

                        sorry to bump this but is this still relevant, you still do not support cidr format? :|
                        vBulletin 4 is not the current product and receives no active development outside of php compatibility updates, so no.
                        MARK.B
                        vBulletin Support
                        ------------
                        My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
                        My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

                        • Cobra SA
                          Senior Member
                          • May 2007
                          • 203

                          #13
                          Originally posted by Mark.B

                          vBulletin 4 is not the current product and receives no active development outside of php compatibility updates, so no.
                          What would be the consequences for performance if my config file has these hundreds of thousands of IPs :|
                          If the server has to check through hundreds of thousands of IPs each time one user does anything, I assume there will be some kind of consequence?

                          • Mark.B
                            vBulletin Support
                            • Feb 2004
                            • 24286
                            • 6.0.X

                            #14
                            Originally posted by Cobra SA

                            What would be the consequences for performance if my config file has these hundreds of thousands of IPs :|
                            If the server has to check through hundreds of thousands of IPs each time one user does anything, I assume there will be some kind of consequence?
                            It's not something we would recommend or support.

                            The short answer is, don't use Cloudflare. It causes endless problems with vBulletin, just search here, vbulletin.org and pretty much anywhere else.
                            MARK.B
                            vBulletin Support
                            ------------
                            My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
                            My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

                            • Paul M
                              Former Lead Developer
                              vB.Com & vB.Org
                              • Sep 2004
                              • 9886

                              #15
                              It will never support CIDR.
                              However, 4.2.3 onwards does support a trailing wildcard in the reverse proxy set-up.
                              e.g. you can specify '192.168.*' or '10.*' - you can also specify 'all', which speaks for itself.
                              Baby, I was born this way
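
Added example (not from any poster and not vBulletin's own code): how a trusted-proxy list of the kind described in post #15 ('all', trailing wildcard) decides whether a proxy-supplied client address is used for login throttling, extended beyond the thread to also accept IPv4 CIDR entries. The function names, the header value being passed in as a plain string, and the sample addresses (documentation ranges) are assumptions; 64-bit PHP is assumed for the mask arithmetic.

```php
<?php
// Added illustration; hypothetical names, not vBulletin's implementation.

// True if $ip matches one trusted-proxy entry: 'all', a trailing wildcard
// such as '10.*', an IPv4 CIDR block (added generalization), or an exact IP.
function proxy_entry_matches(string $ip, string $entry): bool
{
    if ($entry === 'all') {
        return true; // every peer is trusted, so any visitor can forge the header
    }
    if (substr($entry, -1) === '*') {
        // Plain prefix compare; '10.*' keeps its dot, so 100.1.2.3 does not match.
        $prefix = substr($entry, 0, -1);
        return strncmp($ip, $prefix, strlen($prefix)) === 0;
    }
    if (strpos($entry, '/') !== false) {
        [$net, $bits] = explode('/', $entry, 2);
        $ipLong = ip2long($ip);
        $netLong = ip2long($net);
        if ($ipLong === false || $netLong === false || !ctype_digit($bits) || (int) $bits > 32) {
            return false; // malformed entry or non-IPv4 peer: never trust
        }
        $mask = (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
        return ($ipLong & $mask) === ($netLong & $mask);
    }
    return $ip === $entry;
}

// Address to use for login throttling and bans. The header value is honoured
// only when the TCP peer is a trusted proxy; a direct visitor's header is ignored.
function client_ip(string $peer, ?string $header, array $trusted): string
{
    foreach ($trusted as $entry) {
        if (proxy_entry_matches($peer, $entry)) {
            $claimed = trim((string) $header);
            return filter_var($claimed, FILTER_VALIDATE_IP) !== false ? $claimed : $peer;
        }
    }
    return $peer;
}

// Constructed sample data using documentation ranges, not Cloudflare's real ones.
$trusted = ['198.51.100.*', '203.0.113.0/24'];
var_dump(client_ip('198.51.100.7', '192.0.2.10', $trusted)); // peer is a listed proxy
var_dump(client_ip('203.0.113.9', 'not-an-ip', $trusted));   // proxy, but bad header
var_dump(client_ip('192.0.2.66', '192.0.2.10', $trusted));   // direct peer, forged header
```

The match runs once per request against the connecting peer only, so its cost grows with the number of list entries; a few wildcard or range entries keep it small where one entry per address would not.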
