CloudFlare things and query strings

6 posts Page 1 of 1
rrhode
Junior Member
Posts: 9
Joined: 18 May 2009, 21:08


Hello,

I am having an issue with Cloudflare. However I do not have the Cloudflare option enabled in CSF. I don't want to send blocked IPs to Cloudflare since it's just a free account anyway and I don't like all the other restrictions I saw in the readme file. I just wanted to use Cloudflare for caching. Herein lays the issue.

There is only one website on this server and it's a WordPress site. Certain files such as CSS or JS have version strings attached to them like /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.6-78496d1

When Cloudflare is paused or in development mode loading this particular file works perfectly fine. However when running normally it does not load, it gives a 522 error indicating it cannot get a response from the server. It does get a response when I disable CSF and the file loads fine. It also loads fine if I remove the query string like so: /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

This may happen on other files as well but this was the one I was testing with.

I have added the Cloudflare IPs to the csf.ignore and csf.allow and restarted CSF but the issue persists.

I've tried disabling SPI and it didn't seem to have any affect. I also tried adjusting various other options in CSF as well as Cloudflare to no avail.

The server does not have mod_cloudflare and CF_ENABLE is 0 and does not have the Cloudflare WP plugin installed. Would this affect this at all? I suspect not because it seemed to me like those things were specific to sending the IPs to Cloudflare's firewall to block them there as well which I don't want to do.

I found a few posts from people having very similar issues on the Cloudflare forums but nobody had any solution posted. I suspect they were probably using CSF as well.

I've also tried various browsers and tried from another system as well using curl but always get the same 522 error from Cloudflare when their caching is enabled.

I tried changing their Caching Level setting to all the different options but that didn't work.

I don't see anything in the logs anywhere on the server when this happens either which is odd.

Any ideas on where to go from here?

Thank you!
BallyBasic79
Junior Member
Posts: 70
Joined: 22 Aug 2019, 21:43


Which logs are you looking at?
Which server/panel are you running?
Do you have some other security running, such as mod_security or cPHulk?
rrhode
Junior Member
Posts: 9
Joined: 18 May 2009, 21:08


Thank you for your response!

I looked at all the logs in the /var/logs folder such as syslog, kern.log, lfd.log, etc. I didn't see anything new being logged. This includes the error and access logs of the site as well.

Running Ubuntu 18.04 with Virtualmin GPL.

I don't think I have any other security software running that I can think of, No mod_security or cPHulk or anything like that. Clamav is installed but I don't believe it runs constantly in the background. I believe AppArmor is on there. SELinux seems to be disabled. Not sure if those affect anything.
BallyBasic79
Junior Member
Posts: 70
Joined: 22 Aug 2019, 21:43


rrhode
Junior Member
Posts: 9
Joined: 18 May 2009, 21:08


They mention the way they solved it was removing page rules but there aren't any page rules in Cloudflare.

They also mentioned that removing it from Cloudflare and readding it might fix it but I'm not sure why that would be the case because it works fine with CSF disabled.

It seems like something to do with CSF somehow or another since when I disable CSF everything works fine but when I enable it things don't work again even though I've ignored and allowed the Cloudflare IPs. I've also tried to unblock them just in case they were previously blocked but none were actually blocked.

It's odd because it works fine for most things on the site just fine. Only occasional files with a parameter are blocked for some strange reason and they load fine with it removed. Maybe CSF is somehow detecting certain parameters as bad somehow? Wouldn't disabling the SPI prevent that? I looked over all the options a bunch of times but I'm not sure what other options might be responsible for that and it's odd that it doesn't seem to log anything about it.

Rarely it will cause the entire page to give a 522 but usually it loads fine but takes 15-20 seconds for Cloudflare to time out on that specific file.

I also had tried disabling any types of security plugins in WordPress that might block IPs for some reason but that didn't do anything either. I haven't disabled all plugins since that would totally break the site and it's live. Plus that particular file I mentioned before is a core WP file being blocked and I have determined it's CSF that's blocking it on account that disabling CSF causes everything to load fine.

Is it possible that enabling CSF causes Cloudflare to do something different with it's cache somehow which removing and readding the site in Cloudflare would fix besides disabling the cache with developer mode in Cloudflare or pausing Cloudflare altogether? Why wouldn't just changing a setting somewhere fix it? I've tried all the settings I could find that might be related to parameters and none seemed to have any affect so I'm thinking there must be something else somewhere in CSF that's conflicting with it somehow but not sure what, it's very strange.
BallyBasic79
Junior Member
Posts: 70
Joined: 22 Aug 2019, 21:43


Good thoughts. I have no experience with Cloudflare or the issues stated.

I do know that everything in computer systems happens (or doesn't) for a reason. And with networking, there is a trail of events that can be virtually followed.

CSF, in my experience, documents actions taken somewhere. It won't document things it allows or ignores. This means being thoroughly familiar will all of the settings in your CSF config and their implications.

I encourage you to trace the path to that file when it works and then find where it breaks when it doesn't. Good luck!
6 posts Page 1 of 1