Cloudflare users must turn off Cloudflare's DDoS/Origin IP protection system. With it, Miraheze cannot process SSL certification request and create problems with our internal systems. Our IPs are already public so we do not need Origin IP protection, and we have DDoS protection through our network vendor.
In addition, we require that Cloudflare's proxy options and workers are disabled, as they can interfere with Miraheze's Content Security Policy (CSP). The CSP is designed to protect Miraheze wikis from malicious content that may be loaded onto a wiki page from an external resource, and therefore interfering with its function can expose Miraheze to security risks.
Follow the steps to find out how to disable Cloudflare DDoS/Origin IP protection system.
This assumes you are using dash.cloudflare.com dashboard.
- Go to dash.cloudflare.com
- Click your domain in the dashboard.
- Go to "DNS".
mw-lb.miraheze.org. The cloud with an array must be grey color. If it is yellow, click it to make it grey. Click "Add Record". The result have to look like the last image.
If you are done with this, please go back to Custom domains and continue with the steps.
Please note that not following the rules detailed may result in your custom domain being removed immediately and further action if necessary. In case of any doubt, feel free to contact us at techmiraheze.org or ask on the Phabricator task you create.