Cf-cache-status: BYPASS Always Magento

Hi,
For my Magento application, I am using both varnish cache and Cloudflare cache together. Varnish cache gets hits and working fine. But Cloudflare cf-cache-status: BYPASS shows always. On Cloudflare, I have also created a page rule for caching images, CSS, and js. It’s not working

Could be due to these:

You might want to test against the origin to see which cache-control, pragma, and expires headers it’s sending:

curl -svo /dev/null https://www.kogland.com/media/sun/header/stores/1/Kogland_Logo.png --connect-to ::123.123.123.123
(replace the 123 with actual IP address of the server))

After disabling that setting, shows the same.

From the origin? Please show us the results of the ‘curl’ command from above. Be sure to black out the actual IP address.

@sdyaman

curl -svo /dev/null https://www.kogland.com/media/sun/header/stores/1/Kogland_Logo.png --connect-to XXX.XXX.XXX.XXX

  • Trying 172.67.73.111:443…
  • TCP_NODELAY set
  • Connected to www.kogland.com (172.67.73.111) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
    } [5 bytes data]
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
    } [512 bytes data]
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
    { [122 bytes data]
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    { [19 bytes data]
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
    { [2331 bytes data]
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
    { [78 bytes data]
  • TLSv1.3 (IN), TLS handshake, Finished (20):
    { [52 bytes data]
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    } [1 bytes data]
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
    } [52 bytes data]
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
  • start date: Jun 16 00:00:00 2022 GMT
  • expire date: Jun 15 23:59:59 2023 GMT
  • subjectAltName: host “www.kogland.com” matched cert’s “*.kogland.com”
  • issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
  • SSL certificate verify ok.
  • Using HTTP2, server supports multi-use
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    } [5 bytes data]
  • Using Stream ID: 1 (easy handle 0x55e4dd8c5860)
    } [5 bytes data]

GET /media/sun/header/stores/1/Kogland_Logo.png HTTP/2
Host: www.kogland.com
user-agent: curl/7.68.0
accept: /

{ [5 bytes data]

  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    { [230 bytes data]
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    { [230 bytes data]
  • old SSL session ID is stale, removing
    { [5 bytes data]
  • Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
    } [5 bytes data]
    < HTTP/2 200
    < date: Mon, 11 Jul 2022 04:01:01 GMT
    < content-type: image/png
    < content-length: 16063
    < cf-bgj: imgq:100,h2pri
    < cf-polished: origSize=16604
    < vary: Accept
    < etag: “619f2ec7-40dc”
    < last-modified: Thu, 25 Nov 2021 06:35:51 GMT
    < strict-transport-security: max-age=31536000; includeSubDomains; preload
    < cf-cache-status: BYPASS
    < accept-ranges: bytes
    < expect-ct: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
    < report-to: {“endpoints”:[{“url”:“https://a.nel.Cloudflare.com/report/v3?s=PSTPVGK%2BtfHD0yYRNMcQvHTtEEvYnz%2B%2FJjgQcGWo%2FEmKgjUAk7FSlBW%2BDGrYLl05vTw4ZmYV2S5ZwMJMpZTEAPJ5jG3iNMXWy4%2BUNvZ0Ut9udLF4xtmOzAMa5RXMLgNlWA%3D%3D”}],“group”:“cf-nel”,“max_age”:604800}
    < nel: {“success_fraction”:0,“report_to”:“cf-nel”,“max_age”:604800}
    < server: Cloudflare
    < cf-ray: 728ea2acdf602e23-BOM
    <
    { [780 bytes data]
  • Connection #0 to host www.kogland.com left intact
curl -svo /dev/null https://www.kogland.com/media/sun/header/stores/1/Kogland_Logo.png --connect-to XXX.XXX.XXX.XXX

    Trying 172.67.73.111:443…

That’s actually Cloudflare’s proxy IP address. It looks like you don’t have it proxied now, so here are the headers straight from your NGINX server:

% curl -svo /dev/null https://www.kogland.com/media/sun/header/stores/1/Kogland_Logo.png --connect-to ::BLAH
* Connecting to hostname: BLAH
*   Trying BLAH:443...
* Connected to BLAH (BLAH) port 443 (#0)
...
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200 
< server: nginx
< date: Mon, 11 Jul 2022 04:07:33 GMT
< content-type: image/png
< content-length: 16604
< last-modified: Thu, 25 Nov 2021 06:35:51 GMT
< etag: "619f2ec7-40dc"
< pragma: no-cache
< expires: -1
< cache-control: no-store, no-cache, must-revalidate, max-age=0
< x-cache: HIT
< x-cache-hits: 1
< accept-ranges: bytes
< strict-transport-security: max-age=31536000; includeSubDomains; preload

Yep, those cache-control, expires, and pragma headers are coming straight from your server.

1 Like

It’s proxied through Cloudflare actually.

curl -svo /dev/null https://www.kogland.com/media/sun/header/stores/1/Kogland_Logo.png --connect-to XXX.XXX.XXX.XXX
curl -svo /dev/null https://www.kogland.com/media/sun/header/stores/1/Kogland_Logo.png --connect-to 216.150.149.232

  • Trying 104.26.7.61:443…
  • TCP_NODELAY set
  • Connected to www.kogland.com (104.26.7.61) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
    } [5 bytes data]
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
    } [512 bytes data]
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
    { [122 bytes data]
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    { [19 bytes data]
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
    { [2331 bytes data]
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
    { [79 bytes data]
  • TLSv1.3 (IN), TLS handshake, Finished (20):
    { [52 bytes data]
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    } [1 bytes data]
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
    } [52 bytes data]
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
  • start date: Jun 16 00:00:00 2022 GMT
  • expire date: Jun 15 23:59:59 2023 GMT
  • subjectAltName: host “www.kogland.com” matched cert’s “*.kogland.com”
  • issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
  • SSL certificate verify ok.
  • Using HTTP2, server supports multi-use
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    } [5 bytes data]
  • Using Stream ID: 1 (easy handle 0x56230ddea860)
    } [5 bytes data]

GET /media/sun/header/stores/1/Kogland_Logo.png HTTP/2
Host: www.kogland.com
user-agent: curl/7.68.0
accept: /

{ [5 bytes data]

  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    { [230 bytes data]
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    { [230 bytes data]
  • old SSL session ID is stale, removing
    { [5 bytes data]
  • Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
    } [5 bytes data]
    < HTTP/2 200
    < date: Mon, 11 Jul 2022 04:41:48 GMT
    < content-type: image/png
    < content-length: 16604
    < last-modified: Thu, 25 Nov 2021 06:35:51 GMT
    < etag: “619f2ec7-40dc”
    < pragma: no-cache
    < expires: -1
    < cache-control: no-store, no-cache, must-revalidate, max-age=0
    < x-cache: HIT
    < x-cache-hits: 1
    < strict-transport-security: max-age=31536000; includeSubDomains; preload
    < cf-cache-status: BYPASS
    < accept-ranges: bytes
    < expect-ct: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
    < report-to: {“endpoints”:[{“url”:“https://a.nel.Cloudflare.com/report/v3?s=IllQcV%2Ba%2B17hQqnn1g0aME3X11AUevKoEA5gPx9N8XldjZlkZ%2BOV%2F0ATlUyg5ZkIVW%2B6EwXJuzqNbuvuvxIi%2FXGKAT17%2FFwhy5qrZD8YsjgTyFJ5m6ga9bZ%2FDrJGj8bs4g%3D%3D”}],“group”:“cf-nel”,“max_age”:604800}
    < nel: {“success_fraction”:0,“report_to”:“cf-nel”,“max_age”:604800}
    < server: Cloudflare
    < cf-ray: 728ede649c7c0e38-BOM
    <
    { [749 bytes data]
  • Connection #0 to host www.kogland.com left intact

Nope. Your syntax was wrong. You left off the :: before the IP address that I had in my instructions, so your test was not correct.

If you notice my result, the “Server” header was NGINX. Please ask your host for help.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.