Support

Please look at the bottom of this page (under Support Policy Summary) for our support policy summary, containing important information regarding our working hours and our support policy. Thank you!

EXTREMELY IMPORTANT: Please attach a ZIP file containing your Akeeba Backup log file in order for us to help you with any backup or restoration issue. If the file is over 2Mb, please upload it on your server and post a link to it.

Description of my issue:
Is it possible something like PHP-FPM causes a false positive resulting in the

"We have detected that CloudFlare Rocket Loader is enabled on your site."

Unless someone's been tinkering with something they shouldn't have without telling me, I don't use that. But I've recently seen this and the AdminTools reverse proxy/CDN warning pop up. No clue what's up.

Fascinating.

The notice Akeeba gave is clear enough, but I was at a loss where to start on this, because we neither use Cloudflare nor even have a Cloudflare account. We've got the db cluster behind a load balancer, my browser *might* be going through a proxy, and its name resolves via my hosts file (DNS is still propagating) but that's about it. I was kind of grasping at straws looking for a place to start the hunt for what's going on, and Akeeba popped up because it was the last thing on the site that changed (I updated it to 6.1.1 just before getting that notice when I tried to update Joomla to 3.8.9 (3.8.10 dropped while I was making the .9 update rounds for the servers).

It's a new server, under test and headed for production, so maybe there's something the testing hasn't shown, but I provisioned it myself and included nothing that to my knowledge invoked cloudflare. Time to put on the hard hat with head lamp and go spelunking through the system, I guess.

Thanks, anyway, Nick, for the help (sorry about the twitter duplication, I hit that first, before I even remembered the support board here). Wasn't the answer I wanted, but I'd rather an inconvenient truth than a convenient falsehood, so I'll take it.

BTW, does enabling the workarounds in AdminTools have an effect on Akeeba?

OK, I got it.

A "perfect storm," if you will. This is a server headed for production, but Not There Yet. The OWASP rules attached to mod_security 403'ed the browser but logged the response for debugging. You are *always* writing the cloudflare warning, but using js to mask it if not needed, but the response wasn't getting masked b/c it wasn't being seen in the browser, and there was nothing in the markup to let me know it wasn't going to be visible.

Once mod_security was told to let the page display (it was triggered by some of the text in the changelog references DB's into suspecting a SQL leakage, so it shut it down) the warning wasn't in the resulting page. Curiosity piqued, I dug through your code to see if the 403 could have triggered the false positive, and saw the mechanism you were using, and Light Dawned.