merp (Taiwan arc)
merp (Taiwan arc)
PostsComments
CDCloudflare Developers
Created by merp (Taiwan arc) on 5/19/2024 in #general-help
Custom challenge pages
Hi, I'm trying to create a custom challenge page per https://developers.cloudflare.com/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/#step-2-select-your-custom-error-tokens This tells me to use the token ::CAPTCHA_BOX:: where the CAPTCHA will be placed. I did so, but it seems like no matter what I do, the additional text: 
example.com
Checking if the site connection is secure
example.com needs to review the security of your connection before proceeding.
Ray ID: 000000000000000
Performance & security by Cloudflare
example.com
Checking if the site connection is secure
example.com needs to review the security of your connection before proceeding.
Ray ID: 000000000000000
Performance & security by Cloudflare
is displayed around the CAPTCHA box. However, I've seen other sites protected by Cloudflare that also have custom challenge pages without this, for example, Dcard.tw (basically Reddit in Taiwan). It's not any CSS or injected JS trickery, there's absolutely no mention of the phrase "Performance & security by Cloudflare" in the page source whatsoever. How are they doing this?
18 replies
CDCloudflare Developers
Created by merp (Taiwan arc) on 5/16/2024 in #general-help
Cloudflare Zero Trust OpenID IdP with HS256 id_token signature
Hi, I’m trying to configure an OpenID IdP for my Zero Trust config. However, the OpenID IdP in question provides HS256 signatures. In Cloudflare Zero Trust it appears like it’s only possible to configure a certificate URL but not a HS256 secret key. Is this configuration somehow possible or do I need some sort of OpenID proxy to handle it?
2 replies
CDCloudflare Developers
Created by merp (Taiwan arc) on 4/29/2024 in #general-help
Deleting a hostname association for authenticated origin pulls
Hi, I am trying to delete a hostname association for authenticated origin pulls: https://developers.cloudflare.com/api/operations/per-hostname-authenticated-origin-pull-enable-or-disable-a-hostname-for-client-authentication For now I set all of them to null with PUT https://api.cloudflare.com/client/v4/zones/**snip**/origin_tls_client_auth/hostnames, which according to the docs is supposed to invalidate the entry, but then when I do GET https://api.cloudflare.com/client/v4/zones/**snip**/origin_tls_client_auth/hostnames it is still listed there. Can it be deleted entirely?
2 replies
CDCloudflare Developers
Created by merp (Taiwan arc) on 4/28/2024 in #general-help
Wordpress APO for a site with multiple Wordpress installations in different directories
Hi, I'm interested in setting up Wordpress APO (https://wordpress.org/plugins/cloudflare/) and hopefully having my entire Wordpress site served from the Cloudflare edge. My site actually consists of multiple Wordpress installations on the same domain but in different directories (more specifically, there's a Wordpress installation in the root directory https://example.com, and then a second Wordpress installation, with its own files, in a subdirectory like: https://example.com/wp). It is not a "multisite" configuration, both installations are independent installations each with its own set of files, its own database schema, etc. I'm wondering if I can still use the Wordpress APO plugin. Do I need to install the plugin on both installations? Will there be any issues? If I install it, should I remove other caching plugins such as WP Rocket?
3 replies