Cloudflare Block PURGE Request

Hello

Is there any reason why Cloudflare blocks PURGE Requests.

On my server, I use Varnish For Page Cache but when I send a request.PURGE request to my site it doesn’t even reach my webserver hence Varnish never purge.

I even manually confirmed by using the following command in my PC terminal.

curl -v -k -X PURGE https://example.com/

If I use the command with Cloudflare being paused I see the request coming to my webserver but with Cloudflare being active it doesn’t

Also, If modify the above command with a GET request it reaches my server, but a PURGE Request doesn’t.

I thought maybe my Varnish VCL is misconfigured but I even test this on a simple LAMP stack as well with no Varnish and seems that it’s not a configuration issue but an issue from Cloudflare.

Thanks

That would suggest it gets blocked by Cloudflare’s security layer. Do you have anything in your firewall logs on Cloudflare?

I don’t have any rules in Firewall but I specifically added a rule to allow PURGE request on my domain to see if this conditions needs to be activate via Firewall Rules but still no success.

page-rules1.png1014×434 9.84 KB

I didnt mean the firewall configuration, I meant the firewall logs on Cloudflare.

But yes, configuration-wise you only have that one rule and nothing else?

Firewall Logs were initially empty, but after I added the rule shared earlier I can only see these events which are simply logged because of the rule I added

if I disable the rule there is nothing new in it afterwards for new request screenshot below:

page-rules1.png1010×480 17.5 KB

and configuration wise, I have only have this one rule nothing else.

In this case I’d usually say the request should reach your machine. Could it be that your caching server blocks PURGE requests from Cloudflare for some reason? Double check that.

Otherwise I could only suggest that you take the connection ID from one of those “Allow” entries and open a support ticket. They might be able to tell what is happening.

Initially, I thought it could be my caching service i.e. Varnish or any misconfiguration which might not be working properly but as I mentioned earlier even after testing the domain on simple stack i.e. with Apache, MYSQL and PHP on a Linux server with no cache service I don’t see any entries in my access logs.

Anyone who wishes to replicate can use these 2 curl request in Linux environment on their domain

curl -v -k -X PURGE https://example.com/
curl -v -k -X GET https://example.com/

A simple curl GET and PURGE request reaches my server without Cloudflare

status_code:200 x.x.x.x [20/Sep/2019:11:04:48 +0000] PURGE / HTTP/1.1
status_code:200 x.x.x.x [20/Sep/2019:11:05:04 +0000] GET / HTTP/1.1

But with Cloudflare only GET requests reaches my server

status_code:200 x.x.x.x [20/Sep/2019:11:17:39 +0000] GET / HTTP/1.1

Also @sandro I can’t open a support request as I am on free plan and dont see any helpdesk / ticket section option.

Thanks

Actually, Cloudflare does not seem to proxy PURGE requests

That’s really not good I wonder why Cloudflare does that it’s a huge drawback PURGE should be enabled because many people use server side caching like Varnish on their site, without this there will be a huge cache conflict on the sites & it doesn’t seem Cloudflare will be making this available anytime soon…

Anyway, @sandro thanks for your help.

The only explanation I could come up with are security concerns, but if so and why exactly is something only Cloudflare can elaborate on.

@cs-cf maybe

If there are some security concerns and because of that PURGE is not allowed then there shouldn’t be an option to allow/block PURGE request in firewall section as no matter what it’s blocked by default and no exceptions.

This topic was automatically closed after 30 days. New replies are no longer allowed.