Hi
I want to make sure that the CDN (cloudflare in this case) completely ignores any of it's interventions when my users are trying to upload files to my site (to the downloads app)

I tried this:
 

path: *mysite.com/index.php?/files/submit/*
rules: Disable Security, Security Level: Essentially Off, Cache Level: Bypass, Disable Zaraz, Disable Apps, Disable Performance

But no luck. Is there a specific path I should use?

The rules are perfect, but I am not using the right path. Does anyone know what path should be used so all of these rules will apply and not interfere with someone trying upload files?

Edited March 19, 20241 yr by SJ77

What are you meaning with interfering with uploads?  Need more detail. For example CF does not allow uploads more than 100MB no matter what you turn off if you have free plan.

If that’s not the issue, is WAF denying something?

Typically the path would be whatever the POST action is going to. 

 

What are you meaning with interfering with uploads?  Need more detail. For example CF does not allow uploads more than 100MB no matter what you turn off if you have free plan.

If that’s not the issue, is WAF denying something?

For some reason when it's on, everyone complains that uploads are very slow. Takes a long time. I know plupload works in the back of invision power, so I don't know how the upload process or flow of data works. I just know when CF is on, people are upset. I just want to bypass all of it for upload files to downloads app, while still using it for other stuff.

I did manage to fix it for downloading files from downloads app using a similar approach. But I can't quite get it right for uploads.
 

 

 

Typically the path would be whatever the POST action is going to. 

Yes, this is what I need to know. Where?
 

Uploads regardless will flow through CloudFlare and go through their process if you have processing enabled through your DNS.

 

Uploads regardless will flow through CloudFlare and go through their process if you have processing enabled through your DNS.

So I can bypass downloads but not uploads?

I believe this due to how CF handles file uploads. Turning off features won’t matter. For example, CF WAF would not inspect uploads outside of the headers. It does not inspect the body of the request. (Typically something like the first 15k of a file.) 

Their enterprise plans have better handling for uploads such as streaming the request to origin, but I don’t believe those features are available on their free/business plans. 

 

So I can bypass downloads but not uploads?

The only way to do that would be to have two different dns records … one going through CF and one not. Then manually editing your theme code to hard code the non-CF address.  Even then I’m not sure it would work because the IP addresses would not match or could trigger a CSRF error. 

This will most likely be more of a use it and deal with it or turn it off entirely if uploads are that important (or pay for an enterprise plan).