I
Immich2y ago
Sir Flux

Mobile App + CloudFlare Tunnel?

Hey All, I've just set-up Immich together with a Cloudflare tunnel and the web interface is working like a charm! However when I try the mobile-app, I get stuck on this Cloudflare page that says ' just a moment' and I was wondering if they're any work arounds for this? I've tried looking into this section and googling, but I can't seem to find another alternative than not using Cloudflare. Thank you for the help in advance! Kind regards, Flux!
No description
22 Replies
ddshd
ddshd2y ago
Looks like your requests are getting bot challenged.. https://developers.cloudflare.com/waf/custom-rules/use-cases/challenge-bad-bots/#adjust-for-mobile-traffic
Challenge bad bots · Cloudflare Web Application Firewall (WAF) docs
Cloudflare’s Bot Management feature scores the likelihood that a request originates from a bot.
ddshd
ddshd2y ago
The API instructions are probably the easiest to implement in the short term: https://developers.cloudflare.com/waf/custom-rules/use-cases/challenge-bad-bots/#exempt-api-traffic
Challenge bad bots · Cloudflare Web Application Firewall (WAF) docs
Cloudflare’s Bot Management feature scores the likelihood that a request originates from a bot.
meh
meh2y ago
I get this some times but goes away after a few minutes. As ddshd mentioned the cause as well.
Strider
Strider2y ago
Just to make sure: are you putting '/api' after the web url in mobile app? Ex. Web url= http://somedomain.com:2283, mobile app url= http://somedomain.com:2283/api
Sir Flux
Sir FluxOP2y ago
yes it's forwarded that way to the main url
Sir Flux
Sir FluxOP2y ago
it feels a bit like this message is the blocking message
No description
ddshd
ddshd2y ago
That page means cloudflare thinks ur a bot, the message in the app is just the html content of that page Follow this see if it fixes it
Sir Flux
Sir FluxOP2y ago
Ooh it works like a charm 🙏 Thank you so much @ddshd
meh
meh2y ago
Which exemption did you put in?
Sir Flux
Sir FluxOP2y ago
(not cf.client.bot and not starts_with(http.request.uri.path, "/api"))
(not cf.client.bot and not starts_with(http.request.uri.path, "/api"))
Does that seem correct @meh ?
meh
meh2y ago
I won't be able to test it till tomorrow but will let you know
ddshd
ddshd2y ago
You should probably put some management score test fyi Cloudflare network is always probed to bring things to ddos or get into
Sir Flux
Sir FluxOP2y ago
that is a paid feature, i'm using the free tier 😦
ddshd
ddshd2y ago
Putting the score check is a paid feature?? Hmm
Sir Flux
Sir FluxOP2y ago
No description
ddshd
ddshd2y ago
What about bot_management.score (cf.bot_management.score lt 30 and not starts_with(http.request.uri.path, "/api")) for example
Sir Flux
Sir FluxOP2y ago
No description
ddshd
ddshd2y ago
Oh Rip
Sir Flux
Sir FluxOP2y ago
yup D:
ddshd
ddshd2y ago
Sorry i have paid plan so I didn’t realize they had those paywalled
Sir Flux
Sir FluxOP2y ago
no worries man was already a great help to identify it Appreciate the help 🙏 Found a free version to block bots 
(http.user_agent contains "Yandex") or (http.user_agent contains "muckrack") or (http.user_agent contains "Qwantify") or (http.user_agent contains "Sogou") or (http.user_agent contains "BUbiNG") or (http.user_agent contains "knowledge") or (http.user_agent contains "CFNetwork") or (http.user_agent contains "Scrapy") or (http.user_agent contains "SemrushBot") or (http.user_agent contains "AhrefsBot") or (http.user_agent contains "Baiduspider") or (http.user_agent contains "python-requests") or (http.user_agent contains "crawl" and not cf.client.bot) or (http.user_agent contains "Crawl" and not cf.client.bot) or (http.user_agent contains "bot" and not http.user_agent contains "bingbot" and not http.user_agent contains "Google" and not http.user_agent contains "Twitter" and not cf.client.bot) or (http.user_agent contains "Bot" and not http.user_agent contains "Google" and not cf.client.bot) or (http.user_agent contains "Spider" and not cf.client.bot) or (http.user_agent contains "spider" and not cf.client.bot) or (cf.threat_score gt 5)
(http.user_agent contains "Yandex") or (http.user_agent contains "muckrack") or (http.user_agent contains "Qwantify") or (http.user_agent contains "Sogou") or (http.user_agent contains "BUbiNG") or (http.user_agent contains "knowledge") or (http.user_agent contains "CFNetwork") or (http.user_agent contains "Scrapy") or (http.user_agent contains "SemrushBot") or (http.user_agent contains "AhrefsBot") or (http.user_agent contains "Baiduspider") or (http.user_agent contains "python-requests") or (http.user_agent contains "crawl" and not cf.client.bot) or (http.user_agent contains "Crawl" and not cf.client.bot) or (http.user_agent contains "bot" and not http.user_agent contains "bingbot" and not http.user_agent contains "Google" and not http.user_agent contains "Twitter" and not cf.client.bot) or (http.user_agent contains "Bot" and not http.user_agent contains "Google" and not cf.client.bot) or (http.user_agent contains "Spider" and not cf.client.bot) or (http.user_agent contains "spider" and not cf.client.bot) or (cf.threat_score gt 5)
ddshd
ddshd2y ago
Might be easier to just whitelist immich app’s user agent if it has one If not we should def try to add one Yes

Did you find this page helpful?