- XF Compatibility
- 2.3.x
- Short Description
- Where is the place to Download and Discuss Session Validator for Cloudflare 1.0.1? The answer is here. It is zip Extention type and 48.7 KB File size. From The Content have 1 discussion, 1 Updates, 21 Views on NullPro.
Why do members want to download Session Validator for Cloudflare from here? Because this resource was immediately available as of 2025-06-02, It received professional maintenance and updates when it was released synchronously on NullPro.
Session Validator for Cloudflare is a lightweight XenForo 2.2+ add-on that validates user sessions and adds verification headers for use with Cloudflare's Web Application Firewall (WAF) rules. This allows you to create sophisticated security rules that differentiate between authenticated forum members, guests, and bots.
Key Features
- Automatic Session Validation - Validates XenForo sessions early in the request cycle before any content is processed
- Security Headers - Adds custom HTTP headers that Cloudflare can read to identify verified users
- Flexible Configuration - Control what information is exposed via headers with verbose output options
- Lightweight Performance - Minimal impact with efficient database queries and optional caching
- Privacy Conscious - Verbose output can be disabled to limit exposed information
- Bot Protection - Easily create WAF rules to block malicious bots while allowing legitimate users
How It Works
The add-on validates XenForo sessions by checking:
- Session cookies (xf_session, xf_user, xf_csrf)
- Session activity in the database
- User authentication status
Based on validation results, it sets HTTP headers that Cloudflare can use in WAF rules:
Code:
XF-Verified-User: true
XF-Verified-Session: true
XF-Session-Validated: 1735695120- Block Aggressive Bots - Create rules that challenge or block requests without valid sessions
- Protect Against DDoS - Rate limit non-authenticated users more aggressively
- Prevent Content Scraping - Require valid sessions for accessing certain content
- Enhanced Security Rules - Build complex WAF rules based on user authentication status
- Member-Only Areas - Enforce authentication at the edge with Cloudflare
Example Cloudflare WAF Rule
Block requests to attachments without valid session
Code:
(http.request.uri.path contains "/attachments/" and not http.request.headers["xf-verified-user"][0] eq "true")
Action: Block- Enable/Disable - Turn session validation on/off
- Activity Window - Set how long users are considered active (default: 24 hours)
- Verbose Output - Include additional headers with user details (ID, username, staff status)
Technical Details
- Integrates via XenForo event listeners (app_setup, app_admin_setup, app_api_setup)
- Validates against xf_session_activity table
- Supports both regular and admin sessions
- Compatible with XenForo's built-in caching systems
- Clean uninstall with no database modifications
Requirements
- XenForo 2.2.0 or higher
- PHP 7.2 or higher
- Cloudflare account (Free, Pro, Business, or Enterprise)
- Basic knowledge of Cloudflare WAF rules
Installation
- Download and extract the add-on
- Upload to src/addons/WindowsForum/SessionValidator/
- Install via Admin CP → Add-ons
- Configure options in Admin CP → Options → Session Validator
- Create Cloudflare WAF rules using the provided headers
Support
This add-on is provided under the MIT License. Community support is available in this thread.
![[TH] XWiki](https://cdn.nullpro.ru/data/resource_icons/24/24973.jpg?1749397494){kind=icon}
![[AndyB] Who replied](https://cdn.nullpro.ru/data/resource_icons/23/23959.jpg?1740249975){kind=icon}
![[XenGenTr] Fixed and Normal topic bar](https://cdn.nullpro.ru/data/resource_icons/24/24949.jpg?1749133877){kind=icon}