What do I need to know about using s2Member with CloudFlare?

[raamdev]

---

KB Article Creation Checklist

• [x] Write initial draft for this KB Article; label this issue draft and either questions or tutorials
• [x] Add required YAML configuration
• [ ] Add Tags for this KB Article to the YAML config (see YAML Keys (Explained))
• [ ] Edit and finalize draft for publishing (remove draft label, add draft-finalized label)
• [ ] Assign Issue to yourself and create Markdown file (remove draft-finalized label, add pending)
• [ ] Project Lead: Review and Publish KB Article (remove pending label, add published label)

  Additional TODOs

Additional TODO list items go here.

title: What do I need to know about using s2Member with CloudFlare?
categories: questions
tags: 
author: raamdev
github-issue: https://github.com/websharks/s2member-kb/issues/160

---

Using CloudFlare results in all requests to s2Member looking like they're coming from the same IP address. What kinds of areas will this affect?

• IP Restrictions / Logins? http://www.s2member.com/forums/topic/s2member-and-cloudflare/
• File Downloads? https://websharks.zendesk.com/agent/tickets/5569

Have you configured your server with mod_cloudflare so that your visitor's IP Addresses are passed through to the web server? Please see https://www.cloudflare.com/resources-downloads#mod_cloudflare

[raamdev]

@jaswsinc I could use some brainstorming help here. Will having a server configured with mod_cloudflare (so that visitors' IP addresses are passed through to the web server) be a requirement to using s2Member + CloudFlare? Are there any other issues you can think of?

[jaswrks]

I'm bumping Cloudflare testing up on my list so that I can answer this.

[jaswrks]

@raamdev writes...

Using CloudFlare results in all requests to s2Member looking like they're coming from the same IP address. What kinds of areas will this affect?

If you're running the Cloudflare WordPress plugin this should not be an issue, based on this code that I find the WordPress plugin for Cloudflare.

@raamdev writes...

I could use some brainstorming help here. Will having a server configured with mod_cloudflare (so that visitors' IP addresses are passed through to the web server) be a requirement to using s2Member + CloudFlare? Are there any other issues you can think of?

Based on the code that I just reviewed, I don't think mod_cloudflare will be necessary if we implement checks for $_SERVER["HTTP_CF_CONNECTING_IP"] in both s2Member and in ZenCache.

---

Referencing: https://github.com/websharks/zencache/issues/418

[raamdev]

Based on the code that I just reviewed, I don't think mod_cloudflare will be necessary if we implement checks for $_SERVER["HTTP_CF_CONNECTING_IP"] in both s2Member and in ZenCache.

Awesome. That simplifies things!

I've added some of these notes to the related ZenCache issue.

I also opened an s2Member GitHub Issue to track this: https://github.com/websharks/s2member/issues/526

[jaswrks]

@raamdev writes...

I also opened an s2Member GitHub Issue to track this: websharks/s2member#526

Cool, thanks.

[garycarlyle]

I am getting issues with Cloudflare whilst using the S2member pro login widget. Even though I am logged in it still has the logged out version of the widget on my pages. Nothing in browser consoles and no rules are being triggered by Cloudflare WAF. I suspect CloudFlare Rocket Loader is the culprit. Can you stick this in the plugin please to disable rocket loader specifically for the widget?

https://support.cloudflare.com/hc/en-us/articles/200169436-How-can-I-have-Rocket-Loader-ignore-my-script-s-in-Automatic-Mode-

[jaswrks]

@garycarlyle Thank you for that suggestion. I agree. However, I also think we should try to avoid this altogether by having s2Member add that attribute to exclude itself. I'm opening an issue here: https://github.com/websharks/s2member/issues/1038