How to exclude iron path from cache

So I recently installed a plugin on Wordpress and everytime I try to load it I just get a blank screen. The plugins tech support looked into it and said that cloudflare caching is somehow blocking it. They ran a “health check” and showed the following.

They recommended excluding the following paths from caching:

I read through some of the documentation and tried it out but nothing changed.

I’ll be honest, I’m a relatively savvy guy but when the tech gets into this level I feel like an idiot and don’t understand any of this stuff. My normal tech guy is on a 3 month hiatus and I’m kinda left high and dry here feeling a bit lost and just wanting to finish my rebuild project.

Any help is greatly appreciated. Thank you!

Oops the title is supposed to say how to exclude a URL path


Do you have an example link where we can observe the problem? The screenshot alone is not all that helpful I’m afraid.

A 403 indicates that the request was blocked by a firewall, but you can’t see which firewall blocked it on the screenshot. It is possible that the 403 originates from your server and is then cached by Cloudflare, but that would not be the first thing that comes to my mind, especially as your site is not live yet.

Hey thank you for the reply.

They also sent this screenshot is this helpful?

There’s no urls to really share, it’s just within the Wordpress admin when I click to edit the plugin settings, or anything to access the plugin (funnel kit) it’s just a blank screen.

I went into cloudflare security to firewall events and saw this. :man_shrugging:

Yes, it seems much more likely this is a problem with the Cloudflare Firewall rather than cache related.

Can you take a look here and find out what blocked the requests?

How to unblock it depends on why they were blocked in the first place.

1 Like

Hey Laudian, thank you so much for your help here. Pardon my ignorance, but where do I look on that page to determine why they’re being blocked? The activity log? When I filter by that particular event it pulls up some more details. Here’s a screenshot that provides some more details… but alas I have no idea what it means or if it’s helpful for you or not.

I guess the other question that comes to mind is that under my domains it’s showing my main domain (, but the site in question is would that make a difference?

I tried creating a rule there under WAF like this but it didn’t do anything. under action i selected managed rules (previous version), primarily because my main tech guy had used that option in the past :man_shrugging:

In the screenshot, you can see that a managed challenge was issued based on your WAF custom rule “no /contact bots”.

You’d either have to disable that rule or create an exception for the service that was blocked.

For the exception (your skip rule), it is important that the exception comes BEFORE the rule that issues the challenge, so the skip rules has to be ABOVE the block rule in your list of rules.

1 Like

Also, in your 2nd screenshot, you use the AND operator, which is incorrect there. AND means that both conditions must be satisfied.

You want to use the OR operator instead, for which it is enough if at least one of the conditions is satisfied.

1 Like

Okay I did all of that: changed AND to OR, and moved the custom rule i built to above the “no/contact bots” rule. Still no changes. Here’s a screenshot of what it looks like:

Do you think it’s not working because this is on my staging site?

Also just to illustrate, here’s a screenshot of what I’m seeing in WordPress (ie nothing when I try to access the plugin)

I just noticed another mistake in your rules.

Your rule is Path contains /funnel-builder/* - but there is no asterisk (*) in your path. It should be Path contains /funnel-builder/.

Ok will change that and see if it works. Should this setting be under the managed rules tab or the custom rules tab. I think I put it in both…

shoot that didn’t work either. :exploding_head: