Support » Plugin: BruteProtect » BruteProtect and Cloudflare

  • Resolved sdfvgjuujytrdcng

    (@rickwagenaar)


    Hi,

    I’m having trouble with getting BruteProtect to work on a WordPress site behind CloudFlare.
    BruteProtect works fine when I disable CloudFlare, but when enabled i get this error “My BruteProtect Dashboard not available”.
    I’ve disabled all performance settings and purge the cache, but it makes no difference.

    Any ideas?

    Thanks!

    https://wordpress.org/plugins/bruteprotect/

Viewing 14 replies - 1 through 14 (of 14 total)
  • Plugin Author Rocco Tripaldi

    (@roccotripaldi)

    Hello Rick,

    Let’s try to analyze the debug report. Click on the debug link at the bottom of the BruteProtect configuration page in your dashboard, and send the report on over.

    What’s your URL? I’ll be looking out for the report.

    Thanks

    Thread Starter sdfvgjuujytrdcng

    (@rickwagenaar)

    Hi Rocco,

    Thanks for your response.
    I’ve send over the debug report.
    The URL is https://www.nnqc.nl/

    Hope you can find anything!

    Plugin Author Rocco Tripaldi

    (@roccotripaldi)

    So when our API tries to contact your site, we get this:

    Curl Error: 35 Cannot communicate securely with peer: no common encryption algorithm(s).

    I’ll do some digging to see if I can get any more information.
    Could you run that error by your hosting provider / server admin and see if they can provide any insight?

    Thanks.

    Thread Starter sdfvgjuujytrdcng

    (@rickwagenaar)

    Thats useful information.

    I’m using CloudFlare’s Universal SSL (http://blog.cloudflare.com/introducing-universal-ssl/), which uses ECDSA, on my website.
    And it seems your systems use an outdated version of curl, which does not support the SSL certificates used by Universal SSL (http://unix.stackexchange.com/questions/162816/disable-sslv3-in-curl).

    If i’m right that means BruteProtect is currently not compatible with CloudFlare when using Universal SSL.

    Probably the only way to fix this is update the BruteProtect systems with a new version curl.

    Plugin Contributor Sam Hotchkiss

    (@samhotchkiss)

    Hi Rick– I’m working on setting up a cloudflare test site for us to work with– it’s going to take some time to propagate, so please stay tuned and I’ll update you early next week

    Thread Starter sdfvgjuujytrdcng

    (@rickwagenaar)

    Hi Sam, great, i’m looking forward to the results!

    +1

    CloudFlare + BruteProtect = Curl Error # 35

    same problem with cloudflare, (I have Universal SSL from Cloudflare)

    Thread Starter sdfvgjuujytrdcng

    (@rickwagenaar)

    Hi Sam, any news?

    Plugin Contributor Stephen Quirk

    (@sdquirk)

    We’re currently looking into the curl issue, but it’s still going to take some time. Thank you for your patience.

    Confirmed same thing even with header rewrites and whatnot even on a server off CloudFlare. Also, it takes less than an hour to set up CloudFlare (even with propagation and flex-SSL wait time), what is the holdup? TLS is now the norm. Please update your ye olde software….remember there are 250k+ people using your mod….

    damoncloudflare

    (@damoncloudflare)

    “CloudFlare + BruteProtect = Curl Error # 35 “

    This is probably related to SSLv3 and the Poodle vulnerability.

    We have disabled v3 by default.

    Thread Starter sdfvgjuujytrdcng

    (@rickwagenaar)

    I have SSLv3 disabled on my server as well, and BruteProtect works fine connecting directly. But with CloudFlare in the middle it stops working, it’s not because of SSLv3, but because the Universal SSL certificates are ECDSA and the version of Curl on BruteProtect’s servers don’t yet support ECDSA certificates.

    Plugin Author Rocco Tripaldi

    (@roccotripaldi)

    Hello all,

    There 2 types of communications our plugin uses: type 1 travels from your site -> our API server, and type 2 travels in the opposite direction from our API server -> your site.

    Our brute force protection feature only uses type-1 communication, and as far as I can tell, it plays nicely with CloudFlare.

    The features of My BruteProtect did use type-2 communication, which did have trouble with CloudFlare. Since the features on My BruteProtect are now disabled, i’m going to close this issue.

    If you find any issues between CloudFlare and the type-1 communication that our shield feature uses, please open a new issue.

    Thanks

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘BruteProtect and Cloudflare’ is closed to new replies.