• Maintenance Notice ! 🚧

    We are currently making some updates to improve our services. During this time, there may be temporary outages or disruptions.

    We appreciate your patience and understanding.


    All current Registered Users must Reset the Password !

DGT Girl

Session Validator for Cloudflare 1.0.0

No permission to download
Overview History
Compatible Versions
2.3
Visible Branding
No
Session Validator for Cloudflare
Secure your XenForo forum with intelligent session validation

Overview
Session Validator for Cloudflare is a lightweight XenForo 2.2+ add-on that validates user sessions and adds verification headers for use with Cloudflare's Web Application Firewall (WAF) rules. This allows you to create sophisticated security rules that differentiate between authenticated forum members, guests, and bots.

Key Features
  • Automatic Session Validation - Validates XenForo sessions early in the request cycle before any content is processed
  • Security Headers - Adds custom HTTP headers that Cloudflare can read to identify verified users
  • Flexible Configuration - Control what information is exposed via headers with verbose output options
  • Lightweight Performance - Minimal impact with efficient database queries and optional caching
  • Privacy Conscious - Verbose output can be disabled to limit exposed information
  • Bot Protection - Easily create WAF rules to block malicious bots while allowing legitimate users

How It Works
The add-on validates XenForo sessions by checking:
  1. Session cookies (xf_session, xf_user, xf_csrf)
  2. Session activity in the database
  3. User authentication status

Based on validation results, it sets HTTP headers that Cloudflare can use in WAF rules:

Code: 
XF-Verified-User: true
XF-Verified-Session: true
XF-Session-Validated: 1735695120

Use Cases
  • Block Aggressive Bots - Create rules that challenge or block requests without valid sessions
  • Protect Against DDoS - Rate limit non-authenticated users more aggressively
  • Prevent Content Scraping - Require valid sessions for accessing certain content
  • Enhanced Security Rules - Build complex WAF rules based on user authentication status
  • Member-Only Areas - Enforce authentication at the edge with Cloudflare

Example Cloudflare WAF Rule
Block requests to attachments without valid session
Code: 
(http.request.uri.path contains "/attachments/" and not http.request.headers["xf-verified-user"][0] eq "true")
Action: Block

Configuration Options
  • Enable/Disable - Turn session validation on/off
  • Activity Window - Set how long users are considered active (default: 24 hours)
  • Verbose Output - Include additional headers with user details (ID, username, staff status)

Technical Details
  • Integrates via XenForo event listeners (app_setup, app_admin_setup, app_api_setup)
  • Validates against xf_session_activity table
  • Supports both regular and admin sessions
  • Compatible with XenForo's built-in caching systems
  • Clean uninstall with no database modifications

Requirements
  • XenForo 2.2.0 or higher
  • PHP 7.2 or higher
  • Cloudflare account (Free, Pro, Business, or Enterprise)
  • Basic knowledge of Cloudflare WAF rules

Installation
  1. Download and extract the add-on
  2. Upload to src/addons/WindowsForum/SessionValidator/
  3. Install via Admin CP → Add-ons
  4. Configure options in Admin CP → Options → Session Validator
  5. Create Cloudflare WAF rules using the provided headers

Support
This add-on is provided under the MIT License. Community support is available in this thread.

Changelog
Version 1.0.0 (Current)
  • Initial release
  • Core session validation functionality
  • Configurable verbose output
  • Full documentation included

Protect your forum today with intelligent session validation!
Author
DGT Girl
First release
Last update

Ratings

0.00 star(s) 0 ratings

About Us

Our group is called DGT (DENiED GRiNDERZ TEAM) founded in 2004. DGT is a web-based group, which means we are working apart any scene network.

Back
Top