scenario: small static WP website
Goal: cache all front end pages and exclude backend which is accessed by logged in admin
will this do
Cache Rule
(http.host eq “example.co” and not http.cookie contains “wordpress_logged_in”)
Eligible for cache
Edge TTL Override origin
Browser TTL : leave it not configured. supposed that global configuration will apply if not configured here
or would excluding certain pages be safer and more stable
(http.request.uri.path contains “wp-admin”), (http.request.uri.path contains “wp-login”) and (http.request.uri.path contains “wp-include”)
are there any other WP uri path to exclude ?
Please let me know if you have better recommendation
That’s right. Cache Rules, like any other Cloudflare Rules, set exceptions to whatever is the global default set at the various dashboard panels.
If you’re using the default WordPress Permalink structure (Day and Name) or any other that ends with “/”, you can use the operator “ends with” to target the front end.
http.request.uri.path ends with "/"
However, you should add a generic exclusion to match any possible file starting with /wp- to avoid caching /wp-json/ URLs, as they are the WordPress Rest API endpoints, as well as any /wp-content/ or similar paths that may end with a “/”. (Though in general they don’t, you never know when a plugin update will bring you surprises on that front.)
not starts_with(http.request.uri.path, "/wp-")
So the final expression would be:
(ends_with(http.request.uri.path, "/") and not starts_with(http.request.uri.path, "/wp-") and not http.cookie contains "wordpress_logged_in")
You may see this in your browser, but when the request arrives at Cloudflare, it will always have “/”.
If you request https://example.com, the URI Path field will have /, and the URI Full, https://example.com/ even though your browser may not display the / in the address bar. If you curl your own website you’ll see for yourself.