Using Cloudflare with Xenforo forums

Xenforo is fast becoming a popular forum software for websites. As with using any new service in the beginning, using Cloudflare with Xenforo  may have common areas of confusion and solvable problems. Cloudflare has created this quick guide to help make using the two services together as painless as possible.

Step #1

Cloudflare acts a reverse proxy for sites using our service, which means that all of the visitor IPs will show as ours until you install something to restore original visitor IP. Xenforo users can follow the directions here about fixing the IP addresses with Xenforo and Cloudflare.

Why do this?

Cloudflare’s IPs will show in your comments. If you try to track or ban members by IP address, you are going to inadvertently be blocking Cloudflare’s IP addresses by mistake.

Step #2

Create a Cloudflare PageRule to exclude the admin section of your site (by url) from Cloudflare’s caching and optional performance features. We have seen some cases where a plugin or extension doesn’t work properly with certain performance features, and we have also seen cases where the virtual editor won’t work.

Why do this?

Prevent admin functions from possibly being impacted by caching or performance features. You will also see that PageRules can allow you to extend our caching beyond static content and will also give you the capability of doing redirects with Cloudflare.

Step  #3

Login to your Cloudflare account and whitelist (or blacklist) IPs in your Threat Control panel. If you expect certain services to access your website, such as an API or IPs you access frequently from, then you would want to make sure their IPs are whitelisted (some security solutions on our end may look at some of their actions like an attack, so whitelisting the IPs will override the behavior if a security trigger occurs).

If you don’t want certain IPs to access your site, conversely,  then you can also use Threat Control to stop those IPs from hitting your site.

Why do this?

Prevent valid services you want accessing your site from being blocked or challenged by Cloudflare’s Basic Security Level or Web Application Firewall.

Step #4

Review your Cloudflare DNS settings to make sure you have all the records for your domain present (subdomains, etc.). While Cloudflare will pick up many common records for your site during the signup process, we will not pick up custom named subdomains and other uncommon subdomains during the signup process. If you find that a subdomain is not working on your site after switching to Cloudflare, then you simply need to add the records in your DNS settings and the subdomain will start working shortly after that.

Note:Not required if you activated through a Cloudflare hosting partner.

Why do this?

You want to make sure that all of your DNS records are present or they won’t resolve when visitors try to access them.

Step #5

Review your Cloudflare Performance and Security Settings

While we step you through many of the features available during the signup process, there are still other things you can turn on and off for your site in your Cloudflare settings. If you want to turn your security level to a higher level to help with a  comment spam attack, for example, you can make the adjustment in the security settings for the domain. If you want to make changes to your optional performance features or caching, then you can do so in your performance settings.

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.