Shaun Peet
Top achievements
Rank 2
Rank 2
Shaun Peet
asked on 08 Jun 2011, 09:58 PM
I've got a bunch of websites behind CloudFlare and they're all working great right. But one issue has come up. When using a RadEditor and clicking the Document Manager, CloudFlare challenges the visitor. I've submitted a support request to CloudFlare, but I pay more money to Telerik so hopefully the support will be quicker over here. It's also probably a Telerik issue.
3 Answers, 1 is accepted
0
Hi Shaun,
I am not familiar with CloudFlare and you are the first to report problems with this service.
What does exactly happen when you load the Document manager? Do you get any errors when opening the dialog?
Is it possible to provide live URL to the problematic page so that we can examine it with Fiddler, Firebug and reproduce the problem?
All the best,
Rumen
the Telerik team
I am not familiar with CloudFlare and you are the first to report problems with this service.
What does exactly happen when you load the Document manager? Do you get any errors when opening the dialog?
Is it possible to provide live URL to the problematic page so that we can examine it with Fiddler, Firebug and reproduce the problem?
All the best,
Rumen
the Telerik team
Browse the vast support resources we have to jump start your development with RadControls for ASP.NET AJAX. See how to integrate our AJAX controls seamlessly in SharePoint 2007/2010 visiting our common SharePoint portal.
0
Shaun Peet
Top achievements
Rank 2
Rank 2
answered on 10 Jun 2011, 04:55 PM
Hi Rumen,
Up until a few weeks ago I hadn't heard of CloudFlare either, but so far it's looking like an awesome service. It's already saved our server from 20GB of bandwidth (about 50% for us) in two weeks by routing malicious visitors elsewhere.
The error occurs when uploading a document using the document manager, after the file is selected, at the beggining of the actual upload process (ie. a POST occurs). The site where this happened was on CF's Pro plan, which has an "Advanced Security" option to help protect against malicious POST attack, SQL injection, XSS attacks, etc. It's on a "low" setting by default, and turning it off eliminated the problem with the Document Manager.
I did already get a response from CF to my support ticket there, and their guess was that the advanced security stuff they were doing was the potential source of the problem, which turned out to be correct. That said, with the advanced security stuff turned on (which in the end would be a good thing to have turned on), the *only* issue (so far) that I've encountered is the Document Manager. So it looks like we need to figure out how the Document Manager does it's POST when uploading, and pass that information on to CF so they can handle it properly with their service. Or, have Telerik talk to the CF people about why CF is currently interpreting the POST methodology of the Document Manager as a potential threat.
I'm open to either one, and will happily act as mediator / liason if need be. Thanks,
Shaun
Up until a few weeks ago I hadn't heard of CloudFlare either, but so far it's looking like an awesome service. It's already saved our server from 20GB of bandwidth (about 50% for us) in two weeks by routing malicious visitors elsewhere.
The error occurs when uploading a document using the document manager, after the file is selected, at the beggining of the actual upload process (ie. a POST occurs). The site where this happened was on CF's Pro plan, which has an "Advanced Security" option to help protect against malicious POST attack, SQL injection, XSS attacks, etc. It's on a "low" setting by default, and turning it off eliminated the problem with the Document Manager.
I did already get a response from CF to my support ticket there, and their guess was that the advanced security stuff they were doing was the potential source of the problem, which turned out to be correct. That said, with the advanced security stuff turned on (which in the end would be a good thing to have turned on), the *only* issue (so far) that I've encountered is the Document Manager. So it looks like we need to figure out how the Document Manager does it's POST when uploading, and pass that information on to CF so they can handle it properly with their service. Or, have Telerik talk to the CF people about why CF is currently interpreting the POST methodology of the Document Manager as a potential threat.
I'm open to either one, and will happily act as mediator / liason if need be. Thanks,
Shaun
0
Hello Shaun Peet,
The POST request made made by RadUpload is a regular POST triggered by a input[type='submit']. The same post request would be triggered by each and every submit on the page. In this sense, It is the same whether you use RadUpload or the standard FileUpload for ASP.NET, they use the same post request. I am aware of the Cloud Fire policies regarding file upload, but I believe they should support normal upload requests. Perhaps an HTTP log from fiddler cap would shed some light on what is going wrong.
Kind regards,
Genady Sergeev
the Telerik team
The POST request made made by RadUpload is a regular POST triggered by a input[type='submit']. The same post request would be triggered by each and every submit on the page. In this sense, It is the same whether you use RadUpload or the standard FileUpload for ASP.NET, they use the same post request. I am aware of the Cloud Fire policies regarding file upload, but I believe they should support normal upload requests. Perhaps an HTTP log from fiddler cap would shed some light on what is going wrong.
Kind regards,
Genady Sergeev
the Telerik team
Browse the vast support resources we have to jump start your development with RadControls for ASP.NET AJAX. See how to integrate our AJAX controls seamlessly in SharePoint 2007/2010 visiting our common SharePoint portal.