Page Rules caching not behaving as expected

Caching level is set to Standard by default.

I have 3 page rules setup:

  1. site.com/wp-login* (Cache Level: Bypass)
  2. site.com/wp-* (Cache Level: Standard)
  3. site.com/* (Cache Level: Cache Everything)

When I visit https://site.com/ (should be fully cached) in the browser, the following headers are present
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: BYPASS
cf-ray: 5616b3eeb8e6c7d1-DEN
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 07 Feb 2020 16:22:29 GMT
expect-ct: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: https://site.com/wp-json/; rel=“https://api.w.org/
link: https://site.com/; rel=shortlink
pragma: no-cache
server: cloudflare
status: 200
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

When I visit https://site.com/wp-login.php (cache should be bypassed), I see the following headers:
cache-control: no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 5616b73e6dc6c7d1-DEN
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 07 Feb 2020 16:24:44 GMT
expect-ct: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
expires: Wed, 11 Jan 1984 05:00:00 GMT
pragma: no-cache
server: cloudflare
set-cookie: wordpress_test_cookie=WP+Cookie+check; path=/; secure
status: 200
x-frame-options: SAMEORIGIN

So it seems to be working exactly opposite of how it’s configured.

Any ideas?

Screenshot of Page Rules: https://share.cspf.co/rRuL8X87
Screenshot of global Caching Setting: https://share.cspf.co/wbukRyod
Screenshot of headers 1 (/): https://share.cspf.co/wbukRyJ5
Screenshot of headers 2 (/wp-login.php): https://share.cspf.co/GGuAOvPg

Your origin is telling Cloudflare not to cache that resource.

1 Like

Thanks @cscharff - I found a plugin that was forcing those headers and have disabled it.

That fixed the caching on the front-end.

I still see Dynamic caching on wp-login.php even though WP itself sets the nocache headers there. I’m not sure why it’s Dynamic instead of Bypass given my page rules. Perhaps CF does it’s own handling for wp-login.php URI?

Standard caching treats html pages (including PHP) as dynamic content and it isn’t cached. Bypass means explicitly don’t cache (no-cache). A HIT or MISS would apply to content which is expected to be cached.

1 Like

Thanks for taking the time to reply. Just so I’m clear - my site.com/wp-login* which should BYPASS caching will not apply to .php files? So https://site.com/wp-login.php will not be bypassed even though the wildcard should match?

You could do with only two of your rules:

example.com/wp-* (Security Level: High or some setting other than Cache Level)
example.com/* (Cache Level: Cache Everything)

The second rule will never apply to URLs starting with /wp-, thanks to the first rule, so the default caching behavior will apply for these URLs.

This way you’d have all your /wp-admin/ area and /wp-login.php not cached, while the static files under /wp-content/* would still be cached.