I already have a cache rule for a specific service, but I wonder if it is possible to create a second rule with basically the same conditions as the first one, with the difference that the second one identifies whether the request contains the authorization header.
What I want to do is return different responses. Right now, Cloudflare is caching the response and sending the same response to auth users and non-auth users, which is wrong. Is there a possibility to create different rules to cache based on the authorization token? Because in the case of an authenticated user I don’t want to cache, or at least I want to create two different caches (one for auth users and one for non-auth users). I tried it already but it isn’t working.
Hi,
You can use Cache Keys based on a header, or a cookie and its value, with the Enterprise Plan. With other plans, you can use Cache Rules based on cookie name.
What exactly did you try? A rule may not work for many reasons.
Hi @cbrandt
My idea was to create two different caches, one for auth users and one for anon users. But I guess there might be some conflicts and just the last matching rule is being taken.
This was my first rule, to cache everything that matches all those conditions and doesn’t have an auth token (it works):
(http.request.uri contains "pages" or http.request.uri contains "playlists" or http.request.uri contains "themes" or http.request.uri contains "media" or http.request.uri contains "epg") and (any(http.request.headers["x-service-id"][*] == "473b1000-2615-11ee-b1a8-f1c0439cc96f")) and (not(http.request.uri contains "playlists/user")) and (not(http.request.uri contains "playlists/watch")) and (not(http.request.uri contains "playlists/because")) and(not(http.host contains "dapi")) and (not(any(http.request.headers["authorization"][*] matches "Bearer\s+(.+)")))
Then I tried to create a second one:
(http.request.uri contains "pages" or http.request.uri contains "playlists" or http.request.uri contains "themes" or http.request.uri contains "media" or http.request.uri contains "epg") and (any(http.request.headers["x-service-id"][*] == "473b1000-2615-11ee-b1a8-f1c0439cc96f")) and (not(http.request.uri contains "playlists/user")) and (not(http.request.uri contains "playlists/watch")) and (not(http.request.uri contains "playlists/because")) and(not(http.host contains "dapi")) and (any(http.request.headers["authorization"][*] matches "Bearer\s+(.+)"))
The only difference is the `not` in the condition on the auth header, but it seems like it doesn’t work (maybe because of a conflict), because I am still getting the cached response for anon users while I should get the cache for auth users (different responses).
To the best of my knowledge, that is only possible with Cache Keys, a feature available to Enterprise Plan users.
With Cache Rules you can set it in a way that only requests without the auth header are cached, and for that you’d only need the first rule. Assuming its logic is right (I don’t have the means to test), and your origin returns the proper Cache-Control header, auth-header bearing requests would not be cached.
To get a separate cache for auth users you would need to make your origin return a different part of the URI (path or query string) for users with auth headers.
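An added example (not from the thread and not Cloudflare's code): a small Python model of a shared cache keyed on host and URI only. It shows why a rule that merely matches the Authorization header cannot produce a separate cache, and why the `not ... authorization` clause of the first rule is what keeps per-user responses out of the shared cache. The hostname, token, `origin` function and class names are constructed for illustration.

```python
import re

# Constructed model of a shared edge cache; conditions copied from the first rule.
CACHEABLE = ("pages", "playlists", "themes", "media", "epg")
EXCLUDED = ("playlists/user", "playlists/watch", "playlists/because")
SERVICE_ID = "473b1000-2615-11ee-b1a8-f1c0439cc96f"
BEARER = re.compile(r"Bearer\s+(.+)")

def eligible(host, uri, headers, require_anonymous):
    """Mirror of the first rule; require_anonymous toggles its last clause."""
    h = {k.lower(): v for k, v in headers.items()}
    if not any(p in uri for p in CACHEABLE) or any(p in uri for p in EXCLUDED):
        return False
    if h.get("x-service-id") != SERVICE_ID or "dapi" in host:
        return False
    has_bearer = bool(BEARER.search(h.get("authorization", "")))
    return not (require_anonymous and has_bearer)

def origin(uri, headers):
    """Hypothetical origin: the body differs per user, as in the thread."""
    h = {k.lower(): v for k, v in headers.items()}
    m = BEARER.search(h.get("authorization", ""))
    return f"{uri} for {m.group(1) if m else 'anonymous'}"

class EdgeCache:
    def __init__(self, require_anonymous):
        self.require_anonymous = require_anonymous
        self.store = {}  # key is host + URI only: no header is part of the key

    def fetch(self, host, uri, headers):
        if not eligible(host, uri, headers, self.require_anonymous):
            return origin(uri, headers), "BYPASS"
        key = host + uri
        if key in self.store:
            return self.store[key], "HIT"
        self.store[key] = origin(uri, headers)
        return self.store[key], "MISS"

def replay(require_anonymous):
    """Authenticated request first, then an anonymous one for the same URI."""
    cache = EdgeCache(require_anonymous)
    base = {"X-Service-Id": SERVICE_ID}
    auth = {**base, "Authorization": "Bearer alice-token"}  # constructed token
    first = cache.fetch("api.example.com", "/v1/pages/home", auth)
    second = cache.fetch("api.example.com", "/v1/pages/home", base)
    return first, second
```

`replay(False)` returns the authenticated user's body to the anonymous request as a HIT, while `replay(True)` bypasses the cache for the bearer request and caches only the anonymous response.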