this post was submitted on 05 Sep 2025
2 points (100.0% liked)

General Discussion

0 readers
7 users here now

A place to talk about whatever you want

This is a forum category containing topical discussion. You can start new discussions by mentioning this category.

founded 8 months ago
2
Cloudflare Setup (community.nodebb.org)
submitted 1 week ago by yasas@community.nodebb.org to c/general-discussion@community.nodebb.org
6 comments fedilink hide all child comments
 

Hi all,

We've been using Cloudflare for a while now and atm we are in the free tier if that helps(and have turned off acceleration).

Since like last week we've seen a sudden hike in requests to the point where the server cannot handle it anymore.

c565cb7d-b40f-4e4c-8c34-1ef344883e6c-image.png

These should be AI crawlers and we're trying to limit access to them but they seem to crawl into the forum somehow.

While we would want non-logged-in users/visitors to see the content, since no one can use the site anymore we have decided to only let in logged-in users without checks and for others, for a human check to go through.

The following is the rule we're using to identify logged in/actual users:

19bebf17-9484-4b47-93cf-cb9eec823add-image.png

I was wondering if there is a better/more standardised/more accurate way to identify logged in users.

Thanks very much!

top 6 comments
sorted by: hot top controversial new old
[–] omega@community.nodebb.org 2 points 1 week ago* (last edited 1 week ago)

You can also use this online tool to check servers when reviewing the logs in cloudflare, this is an example of one of those serves that showed up, the radar tracks it as 86.8% bot

https://radar.cloudflare.com/bots/as132203

Here can be seen the 6th of September surge on on the graph and it coincides with the server traffic

A lot of these bots are hammering wordpress exploits with targets such as /wp-content/index.php and so on, it might not be a bad idea to block by default if you have server load issues.

[–] yasas@community.nodebb.org 1 points 1 week ago (1 children)

D1re_W0lf Thanks for the response. Seem they do not work as Julian has confirmed.

Hi julian Thanks a lot. Our current version is still NodeBB v3 so guess we may have to either make some tweaks or schedule a v4 upgrade soon. Thanks anyway Julian. Hope crawlers from search engines are still able to get through with the above setup yeah?

[–] julian@community.nodebb.org 1 points 1 week ago

yasas turning on "I'm Under Attack" mode will likely block search engine crawlers as well.

It is meant to be used as a last resort.

[–] yasas@community.nodebb.org 1 points 1 week ago

D1re_W0lf Thanks for the response. Seem they do not work as Julian has confirmed.

Hi julian Thanks a lot. Our current version is still NodeBB v3

[–] be-truong-t.@community.nodebb.org 1 points 1 week ago

fds

  • list item fds
  • list item fds
  • list item
[–] omega@community.nodebb.org 1 points 1 week ago* (last edited 1 week ago)

yasas Yep seen the same last week, not nodeBB install, but the server behind cloudflare showed a huge uptick, not served by cache either. SO I am guessing scanning the whole site or large parts.

IIRC the traffic was coming manly from swiss-german based servers but did not have the time to dig in. This is even with Block AI cralwers turned on.

In the recent past it's been Asia, like mostly Singapore.

The only way to handle this in Cloudflare is to watch and then put in place with geo-based challenge security rules in place afaict