Session Validator for Cloudflare

Session Validator for Cloudflare 1.0.1

No permission to download
XF Compatibility
  1. 2.3.x
Short Description
Session Validator for Cloudflare - A lightweight XenForo 2.2+ add-on that validates user sessions and adds verification headers for Cloudflare's WAF rules, enhancing security with automatic validation, flexible configuration, and bot protection. Key features include automatic session validation, custom HTTP headers, and privacy-conscious output options.

Why do members want to download Session Validator for Cloudflare from here? Because this resource was immediately available as of 2025-06-02, It received professional maintenance and updates when it was released synchronously on NullPro.
Session Validator for Cloudflare is a lightweight XenForo 2.2+ add-on that validates user sessions and adds verification headers for use with Cloudflare's Web Application Firewall (WAF) rules. This allows you to create sophisticated security rules that differentiate between authenticated forum members, guests, and bots.

Key Features
  • Automatic Session Validation - Validates XenForo sessions early in the request cycle before any content is processed
  • Security Headers - Adds custom HTTP headers that Cloudflare can read to identify verified users
  • Flexible Configuration - Control what information is exposed via headers with verbose output options
  • Lightweight Performance - Minimal impact with efficient database queries and optional caching
  • Privacy Conscious - Verbose output can be disabled to limit exposed information
  • Bot Protection - Easily create WAF rules to block malicious bots while allowing legitimate users

How It Works
The add-on validates XenForo sessions by checking:
  1. Session cookies (xf_session, xf_user, xf_csrf)
  2. Session activity in the database
  3. User authentication status

Based on validation results, it sets HTTP headers that Cloudflare can use in WAF rules:
Code:
XF-Verified-User: true
XF-Verified-Session: true
XF-Session-Validated: 1735695120
Use Cases
  • Block Aggressive Bots - Create rules that challenge or block requests without valid sessions
  • Protect Against DDoS - Rate limit non-authenticated users more aggressively
  • Prevent Content Scraping - Require valid sessions for accessing certain content
  • Enhanced Security Rules - Build complex WAF rules based on user authentication status
  • Member-Only Areas - Enforce authentication at the edge with Cloudflare

Example Cloudflare WAF Rule
Block requests to attachments without valid session
Code:
(http.request.uri.path contains "/attachments/" and not http.request.headers["xf-verified-user"][0] eq "true")
Action: Block
Configuration Options
  • Enable/Disable - Turn session validation on/off
  • Activity Window - Set how long users are considered active (default: 24 hours)
  • Verbose Output - Include additional headers with user details (ID, username, staff status)

Technical Details
  • Integrates via XenForo event listeners (app_setup, app_admin_setup, app_api_setup)
  • Validates against xf_session_activity table
  • Supports both regular and admin sessions
  • Compatible with XenForo's built-in caching systems
  • Clean uninstall with no database modifications

Requirements
  • XenForo 2.2.0 or higher
  • PHP 7.2 or higher
  • Cloudflare account (Free, Pro, Business, or Enterprise)
  • Basic knowledge of Cloudflare WAF rules

Installation
  1. Download and extract the add-on
  2. Upload to src/addons/WindowsForum/SessionValidator/
  3. Install via Admin CP → Add-ons
  4. Configure options in Admin CP → Options → Session Validator
  5. Create Cloudflare WAF rules using the provided headers

Support
This add-on is provided under the MIT License. Community support is available in this thread.
Author
axtona
Views
212
Extension type
zip
File size
48.7 KB
First release
Last update
Ratings 0.00 star(s) 0 ratings
Link was Broken? Send message to the Website Team and we will assist you quickly!
Support Developer If you are satisfied with the test or your project has earned you money, Click the More Information button to support the developer by purchasing.

Latest updates

  1. 1.0.1 - changelog
    What's Changed Use XenForo database connection instead of direct PDO Simplify CSRF check to avoid double validation Update to version 1.0.1...

More resources from axtona

Relevio.ai A
Relevio.ai 1.0.0
This is the XenForo add-on for Relevio, a unique context‑aware, rule‑driven moderation engine
AI ForumBot A
AI ForumBot 1.1.1
ForumBot gives you a bot trained on your forum's own content
Persona - Personalise Your Forum Identity A
Persona gives every member on your forum the tools to make their presence their own.

Similar resources

[AL] Add-on Validator N
The add-on verifies that all installed add-ons follow XenForo coding standards regarding extending c
[DigitalPoint] App for Cloudflare A
Everything is available from within XenForo
[OzzModz] Cloudflare Image Resizing - On Demand Responsive Images A
A game-changing addition to Xenforo, leverage the power of Cloudflare Image Resizing
Back
Top