Please, for the love of all that is holy, ditch the cloudflare 'protection'

[twhiting9275]

Oy to the vey, it is impossible to work around CF any more. from blocking due to supposed sql injection attacks (that's what happens when you actually try to help someone here with valid code) to getting repeatedly thrown out for trying to use quick reply and post code.. There's got to be a better way to manage 'security'.

[brian!]

+1 absolutely agree.

 

truly annoying when you have a browser tab open for a while, submit/preview the reply and you get the damned cloudflare captcha... occasionally, it will even lose the content of the post or just give you a blank page and not post it...

I can minimise the hassle by using the Lazarus Firefox addon, but even so, I too would welcome it's removal.

 

sometimes you can't even re-edit the post later when it has code in it - it's ridiculous... that's got nothing to do with cloudflare, but while i'm here ranting on this, I might as well mention it.... AGAIN!

[pRieStaKos]

Up vote that

[xyzulu]

I don't think it's Cloudflare that is the issue, more just how it's been configured. WHMCS if you want a hand, let me know. Overall the performance of this forum is not the best.

 

My rant related to this is that the WHMCS team seem to not want people like "us" being as active as we are on these forums. That's just the feeling I get when interacting with them. Having run a large community in the past, having active members contributing adds to the overall value of your product in terms of the support available. It baffles me that the reverse seems to be what happens here.

[wsa]

+1 absolutely agree

[bear]

My rant related to this is that the WHMCS team seem to not want people like "us" being as active as we are on these forums. That's just the feeling I get when interacting with them.

It was much worse a little while back, but some personnel changes have actually improved that, IMHO. I stayed away for quite a while because of it, and only recently began (lightly) participating again.

'nuff said about that.

[WHMCS ChrisD]

Hi Everyone,

 

Thanks for your feedback, we truely appriciate it. I'm opening a discussion internally around the impacts that CloudFlare is having on the community as there does seem to be a core group of users affected.

 

Can I please confirm is this happening generally only when you add code to your posts? Is it affecting you when you try using "Advanced Posting"

 

Thanks again for your feedback.

[twhiting9275]

Chris,

I have had this happen when , as Brian mentioned, posting code snippets, where the system will sometimes throw captcha, sometimes not. Additionally, it's random whether or not the post you made remains. Sometimes it does, sometimes it doesn't.

 

What prompted this thread though was a 'you've been blocked' message from CF (not the forum), simply because I had the gall to post a MySQL query phrase ,claiming I was trying to inject something.

 

I get the need for protection, we all do, but there are correct ways and incorrect ways to go about that. Alienating those trying to better your community. Not the best approach to that.

[WHMCS ChrisD]

Hey Everyone,

 

Firstly, I want to apologise I have not responded to this thread earlier, it seems there are not enough hours in the day!

 

I wanted to let everyone know I am escalating this issue internally as it falls outside of what I can fix, as I get more information from the teams I will be coming back to your to get more information as the team ask for it

[WHMCS ChrisD]

Hi Everyone,

 

I'm pleased to advise that some tweaks have been made to the Cloudflare Protection which should assist in reducing the errors that you have been facing. Please let me know over the next day or so how this goes for you all so I can loop this back to the team.

 

I appriciate your patience and assistance as we worked on this

[yggdrasil]

It’s almost impossible not to have a problem with CloudFlare and posting code unless they can tell CloudFlare to somehow ignore the checks that come from the subdomain forum.whmcs.com

 

The way CloudFlare works in this case is by checking all the POSTS request and if my memory serves me right they use the filtering system from Nginx called Naxsi as Mod security didn’t scale for them.

 

Actually, some third party’s tests on CloudFlare WAF protection system concluded it was mostly gimmick or not doing anything at all. I happen to agree, if it was, you would not be able to post almost a single post here that includes code. Now, the forum does exclude code with specific tags surrounding it assuming you are properly using the code option formatting. I suspect this not possible with CloudFlare but if it’s an option, they could skip or avoid any filtering or checking on code that is surrounded by those tags in the post request. That would basically solve the problem.