Page rules no longer working

I recently upgraded to the new WAF and now my page rules no longer work.

I have a wordpress site which has redirect in place after login. Cloudflare caches the HTTP_REFERER which gives end users mixed results.

I created a page rule: Cache Level > Bypass for the login page url

The Cloudflare plugin for wordpress is also having issues with the WAF. After the upgrade the Web Application Firewall button was turned off. Turning it on now gives an error: “Bad Request” and turns itself off. Not sure if this is related or not because deactivating and activating the Cloudflare plugin for wordpress had no effect.

Anyone else having a similar issue?


Thank you for asking.

May I ask have you tried using a different Web browser, or tried clearing your Web browser cache?
How about using a Private window (Incognito mode) or a VPN connection if possible?
Is it the same behaviour on your mobile phone (4G LTE, mobile data, cellular)?

May I ask you to share your Page Rules?
Are you using Cloudflare APO for WordPress maybe?
Nevertheless, maybe you’re using a Page Rule with an option like Cache Level: Cache Everything?

Just in case, I’d suggest you to whitelist your origin host / server / hosting IP address by navigating to the Security → WAF → Tools → IP Access Rules with the action “allow” for your Website and try again.

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

Before moving to Cloudflare, was your Website working over HTTPS connection?
Was WordPress configured to work over HTTPS?

You could determine this by:

  1. Use the “Pause Cloudflare on Site” option from the Overview tab for your domain at .
  2. The link is in the lower right corner of that page.
  3. Give it five minutes to take effect, then make sure site is working as expected with HTTPS without any error
  4. Check with your hosting provider / cPanel AutoSSL / Let’s Encrypt / Certbot / ACME and renew it in case if needed
  5. Only then, when your website responds over HTTPS, you should un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).

Mixed results might be the result of using Flexible SSL option at Cloudflare dashboard, therefore you might not have a valid SSL certificate installed at your origin host/web server, or cannot have HTTPS somehow, or even the WordPress isn’t configured to run on a secure connection (home_url, site_url), or you’re having an issue too including the Web browser cookies HTTP<->HTTPS.

Otherwise, I’d suggest as follows:

Here is a way to re-check if you correctly setup the SSL for your domain with Cloudflare:

In case you do not have an SSL certificate, you can use Cloudflare SSL, if so, kindly make sure you follow the instructions as follows on the below article to setup an SSL certificate using Cloudflare Origin CA Certificate:

Last but not least, kindly have a look here for more information regarding SSL settings at the SSL/TLS tab on Cloudflare dashboard:

I’ve tried using multiple browsers and clearing my cache. Clearing my cache only works one time. The next time I attempt to login I get the same results. Same issue on mobile or in incognito.

The only page rule I have for the url in question is: login page url > Cache Level > Bypass

I don’t have one that caches everything.

Im using the Cloudflare APO for wordpress but as I put in my post the WAF won’t turn on now.

My sites IP is whitelisted in the WAF

SSL is set to Full (Strict)