I only have the one Backdrop site, but several others including phpBB sites.
All have suffered massively recently (within the last 6 months or so) from AI bots, crawlers and search engines that have flooded my servers.
In an attempt to mitigate this I popped several behind Cloudflare, and so far, afteer weeks of chatting to the Cloudflare AI and their Support Team, I have all of them working nicely... except for my Backdrop site!
I'm seeking advice from someone who has successfully run their Backdrop site from behind Cloudflare. I'd like advice on what my config should be and what Cloudflare features are necessary (I am on a Free plan at the moment). I'd also like advice on what my htaccess and iptables rules should be. Don't want much do I? :)
I'm starting to distrust their AI's suggestions - their latest fix to the issue I was working on seems to have resulted in an Access Denied message - but only for one specific page address. Working together we determined it is most likely not a Cloudflare issue but a Backdrop issue.
Here's the very last piece of advice I got ...
After fixing (I thought) access issues to admin.toysnz.com yesterday - I find I am receiving an "access denied - you are not authorized to access this page" message when trying to access https://admin.toysnz.com/admin/reports/updates.
This page is within the admin section of the site where all updates, editing, etc occurs.
What is causing this?
################################################################
Cloudflare AI finally responded after 2 hours of back and forth:
----------------------------------------------------------------Cloudflare is not blocking these requests. The "Access Denied" is being generated by Backdrop CMS itself.
What's happening in Backdrop CMSThe pattern you're describing is a classic Backdrop/Drupal permission issue:
/admin/reports/updates → Access Denied (this route checks administer site configuration permission)
/admin/reports/updates?check=1 → Works (the ?check=1 parameter triggers a different code path)
/admin/reports/updates/list → Works (different access callback)
Cron runs from dashboard → Logs show completion but no UI feedbackLikely causes
Corrupted session — your admin session may have a stale CSRF token or permission cache. Try:
Log out completely, clear cookies for admin.toysnz.com, log back in
Or run drush cc all (or the Backdrop equivalent) from the server CLIStale permission cache — Backdrop caches user permissions. After the server power cycle, the cache may be inconsistent:
# From the Backdrop site root on your server
drush cc all
# Or if drush isn't available:
drush cc permModule issue — the Update Status module may have a corrupted state. Try:
drush pm-disable update; drush pm-enable update
Database session table — after the unexpected shutdown, the sessions table may have corrupted entries:
TRUNCATE TABLE sessions;
(This will log everyone out — you'll need to log back in.)
I pointed out I didn't have Drush and hadn't used it since switching to Backdrop CMS - AI then suggested I install Bee then "bee cc all" or clear the caches from mysql. Since Bee doesn't seem to have any active sites using it - I wonder if that is a viable option?
the mysql command suggested is :
mysql -u [db_user] -p [db_name] -e "TRUNCATE TABLE cache; TRUNCATE TABLE cache_bootstrap; TRUNCATE TABLE cache_filter; TRUNCATE TABLE
cache_menu; TRUNCATE TABLE cache_page; TRUNCATE TABLE cache_path;"
Recent comments
My suggestions, if there is time to look at recent bug reports: (1) Not sure if the fix for this issue still needs a code review to get labeled as RTBC: Editor link autocomplete...
July 9th, 2026 - Weekly Meetings
Also I would welcome feedback on the approach I've taken to: [A11Y] Update aria role on messages area based on type of messages (#5715)
July 9th, 2026 - Weekly Meetings
[DX] Add layout machine name as a class to the body element (#7156) Two dashes -- or single dash - between label and value...
July 9th, 2026 - Weekly Meetings
Just to say I discovered an issue with doing this, which I have documented here. https://github.com/backdrop/backdrop-issues/issues/7168 To make this work, before this issue is...
Let users search for NIDs?
You could probably do this with a View where the exposed filter is the node id Ah, interesting idea. Thanks! Would you kindly consider creating links in the...
Let users search for NIDs?