This project is not covered by Drupal’s security advisory policy.

CloudFlare is a FREE reverse proxy, firewall, and global content delivery network and can be implemented without installing any server software or hardware.

On average, CloudFlare-powered websites load 30% faster, use 60% less bandwidth, and process 65% fewer requests. CloudFlare-powered websites are protected from many forms of malicious activity including: comment spam, email harvesting, SQL injection, cross-site scripting, and DDoS (denial of service) attacks.

The CloudFlare V1 api will be deprecated November 9th. As a result The 6.x and 7.x branches will cease to work on November 9'th.

8.x Branch

Special thanks to Wim Leers and Niels Van Mourik for their collaboration and support on all things cache and purge!

Current Features

  • Cache clearing by Path (Recommended For Free and Professional) and Tag (Enterprise).
  • Restore client's original IP address.

Quick Start Instructions

Dependencies

Support

CloudFlare Free Tier vs Enterprise

  • Free Tier does not support cache tags.
  • If you attempt to configure tag based purging on Free Tier you will get HTTP 400 error codes in the error log.
  • Free Tier don't have a vary by cookie. In English? That means if you login to
    your site then authenticated pages can get cached by the CDN. So anonymous users
    users see what appear to be authenticated pages (they are not really authenticated).
    To work around we recommend that you setup a separate domain for authenticated
    users. e.g if your domain is yourdomain.com then setup a second domain for
    authenticated users that bypasses cloudflare e.g edit.yourdomain.com. In this setup block access to /user on your public
    domain via .htaccess rules.
  • By default CloudFlare will cache static resources but not HTML. You need to add a page rule to cache all the things.

Cache Tags

In D8 cache clearing is a whole new world. D8 introduces the concept of cache
tags. Cache tags represent groupings of content that should be purged when
content is created, updated or deleted. Most of this already happens behind the
scenes so you don't need to rely on extensive rules like in D6/D7.
See hereand here for more info on tags. This
module has experimental support for Tags (it will still work with path based purging).

Note to those updating from earlier version

You will need to update your composer dependencies:

  • composer require d8-contrib-modules/cloudflarephpsdk "1.0.0-alpha5"
  • You will also need to update to the most recent version of the Purge module.

Gotcha's, Disclaimers, & Technical Notes

To read more about different details, and gotchas read more here.

7.x Branch

7.x Functionality

  1. Corrects $_SERVER["REMOTE_ADDR"] so it contains the IP address of your visitor, not CloudFlare's reverse proxy server.
  2. Integrates with CloudFlare's Threat API so you can ban and whitelist IP addresses from the Drupal Comment administration screen.
  3. Integrates with CloudFlare's Spam API.
  4. Integrates with CloudFlare's Client Interface API (planned).

How do I get started with CloudFlare?

  1. Visit http://www.cloudflare.com to sign up for a free account.
  2. Follow their 5-minute configuration wizard.

Installation Instructions 7.x

  1. Install and Enable this module.
  2. Assign permissions to administer module (if you are not logged in as the user 1, admin)
  3. Add code at the end of your settings.php file:

    if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
      $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
    }
    
  4. Save your email address and CloudFlare API key to the CloudFlare administration screen on your Drupal web site (admin/settings/cloudflare).

How do I use this module?:

Presently you can submit Spam reports & ban/whitelist IP addresses from the Comment Administration section (/admin/content/comment). Look for the "Update Options" drop down listbox and choose one of the available CloudFlare Actions.

About the maintainer:
This module was sponsored by yadaDROP LLC, a Drupal Development company.

Legal

CloudFlare is a trademark of CloudFlare Inc. This module has not been built,
maintained or supported by CloudFlare Inc. This is an open source project with
no association with CloudFlare Inc. The module uses their API, that's all.

Supporting organizations: 
Donated developer time for D8 port!

Project Information

Downloads