Cloudflare with private pages (membership site)


#1

I have a question i have a website and i am using the free plan of cloudflare . Some of the pages are restricted only for the users ( using a password ) so are this page and their content are going to be cached on cloudflare ? or not ? I mean i have 2 versions of the same page . domain.com/example that appears that is a restricted area please log in . and on the same url i have images content but only accesible for the signed users . Which version is going to be cached in cloudflare ? thanks


#2

By default, Cloudlfare only caches static resources, like image, css, and .js files. Not html or php. So Page Source isn’t cached (by default).


#3

sure but i mean if the image that appear in the protected by password page would be cached by cloudflare or because it is protected and their content hidden would not be cached by cloudflare ?


#4

The image itself probably isn’t password protected. In other words, anybody who knows the URL of the image can probably access it directly now anyway.


#5

yes it is :frowning:


#6

Then Cloudflare’s caching isn’t a viable option for you. Are all the private images in their own directory? You can add a Page Rule to Bypass Cache for matched files and directories.


#7

The real way to protect images is to serve them via the server language extension. Lets say coldfusion for example: /image.cfm
That loads coldfusion and you have code that authenticates the user. It they are allowed to view that image, coldfusion grabs the file from disk (outside of the web root, or in a database blob), then using cfcontent sends the data to the browser with the correct mime type. The browser loads image.cfm as if it were the original jpg. But if the user is not authenicated by coldfusion, you can spit back any error you want, or a “not authorized” image, or 301 redirect to /images/forbidden.jpg etc.


#8

This topic was automatically closed after 14 days. New replies are no longer allowed.