Page rules not triggering when cookie is set

Hi everyone! New Cloudflare customer here and I’m currently extremely frustrated with my first support experience.

I am on a Business plan and I have the following Page Rules set up:

  1. www.domain.com/*/amp
    Cache Level: Cache Everything

  2. www.domain.com/*
    Cache Level: Cache Everything
    Bypass Cache on Cookie: cookie_name

It is my goal that all content is cached for users who are not logged in. For users who are logged in, the ONLY HTML pages that gets cached are our AMP pages.

Unfortunately, it’s not working.

If I’m not logged in, everything gets cached.
If I am logged in, if I try to visit an AMP page, I get cf-cache-status: BYPASS

The strange thing is that if I specify a setting of Cache Edge TTL within the AMP page rule, then it works fine when I’m logged in.

It caches the content just fine without that setting when not logged in.

Why is whether a setting exists for the first page rule a deciding factor on whether the first rule or the second rule gets triggered?!

Unfortunately, all of my pages throw out a custom Cache-Control: max-age= HTTP header that has a unique TTL depending on the specific content. It’s my understanding, based on the Cloudflare docs, that if you are asking Cloudflare to cache a page, it will set an Edge Cache TTL based on the max-age time that you specify in cache-control headers, if they exist. Otherwise it defaults to something much lower than desired for us, such as 2 hr.

Therefore, manually specifying an Edge Cache TTL for our AMP page rule is not ideal.

I tried doing live chat support, but they didn’t know the answer. They escalated it, and now I’ve just been going round and round and round for the past week in the support ticket system with at least 5 different people who didn’t answer the question and just kept repeating themselves over and over with information I already know, and asking me to repeat myself over and over again.

Support ticket 1887594

Without seeing the actual URLs, your description makes me think that the ‘amp’ page has a no-cache header. Maybe the Origin Cache Control setting can help.

Hi,

Thank you so much for your reply.

My site is DaniWeb and some example URLs are:


This is the weirdest thing in the world just I just loaded the page to copy/paste the HTTP Response Headers for you to see what happens when I’m logged out vs logged in, and I was able to get it to hit the cache when logged in for the first. time. ever.

I haven’t changed anything, I swear. Could this have been a bug and that’s why it took so long for the ticket to go in circles until I eventually demanded it be escalated because no one was answering me? No response to the ticket yet. It didn’t work as late as yesterday.

Considered this solved and me slightly embarrassed right now.

1 Like

I’m having this problem again. It only resolved itself for a very short time. I haven’t changed any page rules. The request and response headers are as follows:

Request URL: https://www.daniweb.com/programming/software-development/threads/522415/python-ide-for-macos/amp
Request Method: GET
Status Code: 200 
Remote Address: 172.67.7.242:443
Referrer Policy: strict-origin-when-cross-origin

Response Headers:

alt-svc: h3-27=":443"; ma=86400
cache-control: max-age=4092317, public
cf-cache-status: BYPASS
cf-ray: 5a170941388d6db2-SJC
cf-request-id: 0342441cbf00006db20bb7a200000001
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 10 Jun 2020 23:57:42 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: cloudflare
set-cookie: dani_csrf=cccd8edb6d5edfdb541240c0d0213a8b; expires=Thu, 11-Jun-2020 01:57:41 GMT; Max-Age=7200; path=/; SameSite=Strict; domain=www.daniweb.com; secure; HttpOnly
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-powered-by: PHP/7.2.19

Request Headers:

:authority: www.daniweb.com
:method: GET
:path: /programming/software-development/threads/522415/python-ide-for-macos/amp
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: max-age=0
cookie: _ga=GA1.2.798903330.1573012496; __gads=ID=d943cc029eb46fb8:T=1573012498:S=ALNI_MY4nKFz8Gm5cjaRCWgDHgYk4G9yxA; _gid=GA1.2.567037913.1586803065; __cfduid=df67c1543667406d9d43b1b2bcb7108371591128368; dani_ad=Square; connect=61a17194db649abd3ea3ebadce98c67f3310f6de; dani_csrf=cccd8edb6d5edfdb541240c0d0213a8b
referer: https://community.cloudflare.com/
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Sorry for the double post. Please see attached for a screenshot of my page rules.

Per my above message, the above pages should be triggered by rule 2, but they’re not.

If I specify an Edge Cache TTL for rule 2, then they trigger. Otherwise, they don’t.

I don’t want to specify a fixed Edge Cache TTL in this manner because the max-age is unique for each specific page based on how often it is updated.

And this is what happens when I visit that exact same page from a Chrome Incognito window:

Request URL: https://www.daniweb.com/programming/software-development/threads/522415/python-ide-for-macos/amp
Request Method: GET
Status Code: 200 
Remote Address: 104.22.4.5:443
Referrer Policy: no-referrer-when-downgrade

Response Headers:

age: 1381
alt-svc: h3-27=":443"; ma=86400
cache-control: max-age=4092359, public
cf-cache-status: HIT
cf-ray: 5a172c03ce7eed87-SJC
cf-request-id: 034259d6580000ed876f964200000001
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 11 Jun 2020 00:21:25 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-powered-by: PHP/7.2.19

Request Headers:

:authority: www.daniweb.com
:method: GET
:path: /programming/software-development/threads/522415/python-ide-for-macos/amp
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: max-age=0
cookie: __cfduid=d0f53d296a9e77380280af5287209c9181591834879; _ga=amp-oV41bTCpTVm9w8WeDVKV-A
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

That sure looks like it’s ignoring the second rule. Incognito doesn’t have a cookie, so it’s not going to be bypassed. I’m wondering if there’s some wildcard matching bug due to the hyphens in the URL. I was trying to find a thread in Databases with a single-word title, but there isn’t one. That would be an AMP URL without hyphens.

While you dig through that, maybe Support can figure out what’s wrong with Page Rule #2fa

Login to Cloudflare and then contact Cloudflare Support by clicking on the Get More Help button.

Hi,

Here’s a random example of a URL without hyphens:

Crazily enough, it’s working now for all URLs, hyphenated or not. (As mentioned previously, it periodically decides to work, which is what makes it impossible to debug.)

That same URL that I showed you earlier is now working for me, without Incognito mode:

Request URL: https://www.daniweb.com/programming/software-development/threads/522415/python-ide-for-macos/amp
Request Method: GET
Status Code: 200 
Remote Address: 172.67.7.242:443
Referrer Policy: no-referrer-when-downgrade

Response Headers:

age: 4685
alt-svc: h3-27=":443"; ma=86400
cache-control: max-age=4092359, public
cf-cache-status: HIT
cf-ray: 5a177caa0b116db2-SJC
cf-request-id: 03428c3e4800006db20b83e200000001
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 11 Jun 2020 01:16:29 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-powered-by: PHP/7.2.19

Request Headers:

:authority: www.daniweb.com
:method: GET
:path: /programming/software-development/threads/522415/python-ide-for-macos/amp
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.2.798903330.1573012496; __gads=ID=d943cc029eb46fb8:T=1573012498:S=ALNI_MY4nKFz8Gm5cjaRCWgDHgYk4G9yxA; _gid=GA1.2.567037913.1586803065; __cfduid=df67c1543667406d9d43b1b2bcb7108371591128368; dani_ad=Square; dani_csrf=66bd9250b9d8818b9a73b276ade9b581; connect=d98000cdccb3ad62a24d1a3eec3787a90d87a58b
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

As also previously mentioned, I don’t feel like there is a problem with the wildcards in the rule, because at the times when it doesn’t work, if I manually specify an Edge Cache TTL setting for that rule, then it always works 100% of the time.

A rule shouldn’t choose to match or not match on a URL based on the Edge Cache TTL setting specified for that rule.

Unfortunately I can’t debug your hyphen hypothesis right now, because it suddenly decided to work for me. In a day or so it will probably stop working again, and I’ll test it then :slight_smile:

Been there, done that.

Unfortunately I’ve gone in circles and circles and circles with a support ticket because the people who keep answering it aren’t reading / comprehending my question, and they keep repeating themselves with completely irrelevant and nonsensical information.

I had mentioned the ID # for the support ticket in my first post.

Oh, I didn’t notice the hyphen for software-development. I was just looking for one word topics.

Here’s a random URL with no hyphens at all:

Ok. Let’s see if @cloonan can give #1887594 a push.

For that Dadabik post, will it cache the AMP URL with a cookie set?

The only other thing I notice is that when there’s a cookie, the Expires header is 1981, but Cloudflare already shows BYPASS, so that might not be relevant.

1 Like

So yeah, when I have cookies set, it alternates between working for all URLs for a few minutes/hours/days to not working for all URLs.

An hour or so ago I posted my chrome headers when it was choosing to not work. Right now it’s in the working for all URLs phase, so I reposted chrome headers for the same page when it was choosing to work. Maybe someone could figure out the difference between those two requests.

Also, sorry for my brevity. I’m typing from my iPhone.

OK, now I’m getting a HIT with one URL and a BYPASS with a different URL. Neither URL is hyphenated. They are each open in different tabs in the same web browser.

The one that works:

Request URL: https://www.daniweb.com/programming/databases/threads/24929/dadabik/amp
Request Method: GET
Status Code: 200 
Remote Address: 172.67.7.242:443
Referrer Policy: strict-origin-when-cross-origin

Response Headers:

age: 55211
alt-svc: h3-27=":443"; ma=86400
cache-control: max-age=31536000, public
cf-cache-status: HIT
cf-ray: 5a1cd5ff393795f9-SJC
cf-request-id: 0345e41384000095f95f2fc200000001
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 11 Jun 2020 16:51:17 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-powered-by: PHP/7.2.19

Request Headers:

:authority: www.daniweb.com
:method: GET
:path: /programming/databases/threads/24929/dadabik/amp
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: max-age=0
cookie: _ga=GA1.2.798903330.1573012496; __gads=ID=d943cc029eb46fb8:T=1573012498:S=ALNI_MY4nKFz8Gm5cjaRCWgDHgYk4G9yxA; _gid=GA1.2.567037913.1586803065; __cfduid=df67c1543667406d9d43b1b2bcb7108371591128368; dani_ad=Square; dani_csrf=6aee13b3da3de1ffea08bf1c5c223fd2; connect=074037a19e1ce711651419d3b41bd72ad11946e2
referer: https://community.cloudflare.com/
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

The one that doesn’t work:

Request URL: https://www.daniweb.com/programming/databases/threads/900/rebus/amp
Request Method: GET
Status Code: 200 
Remote Address: 172.67.7.242:443
Referrer Policy: no-referrer-when-downgrade

Response Headers:

alt-svc: h3-27=":443"; ma=86400
cache-control: max-age=31536000, public
cf-cache-status: BYPASS
cf-ray: 5a1cdbecbe6195f9-SJC
cf-request-id: 0345e7c7f2000095f95f1a9200000001
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 11 Jun 2020 16:55:19 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: cloudflare
set-cookie: dani_csrf=6aee13b3da3de1ffea08bf1c5c223fd2; expires=Thu, 11-Jun-2020 18:55:19 GMT; Max-Age=7200; path=/; SameSite=Strict; domain=www.daniweb.com; secure; HttpOnly
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-powered-by: PHP/7.2.19

Request Headers:

:authority: www.daniweb.com
:method: GET
:path: /programming/databases/threads/900/rebus/amp
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _ga=GA1.2.798903330.1573012496; __gads=ID=d943cc029eb46fb8:T=1573012498:S=ALNI_MY4nKFz8Gm5cjaRCWgDHgYk4G9yxA; _gid=GA1.2.567037913.1586803065; __cfduid=df67c1543667406d9d43b1b2bcb7108371591128368; dani_ad=Square; dani_csrf=6aee13b3da3de1ffea08bf1c5c223fd2; connect=074037a19e1ce711651419d3b41bd72ad11946e2; _gat=1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Late last night, I noticed that for some reason my web browser is sometimes sending the request header cache-control: max-age=-0. I don’t know why it’s doing that, and why it’s only doing it with some requests?? I’m using Chrome. I also updated Chrome today to the latest version, meaning that this problem persists even across multiple versions of Chrome.

However, I’m unsure if it’s related because you’ll notice that today, it sent that header with the URL that worked, and didn’t send that header with the URL that id not work. However, yesterday, if you look at the headers I copied/pasted yesterday, the opposite was true. That header was not included when it worked, and included when it didn’t work.

A quick google search has showed that the cache-control: max-age=0 header is being sent because Chrome is disabling my cache while DevTools is open. DevTools is open because I’m copying/pasting these headers right now into this topic.

Either way, it seems not to be the issue because, as mentioned, yesterday it worked when I didn’t send the header, and today it was vice versa.

Also, why does it say “This topic will automatically close in 4 days”? What if my issue isn’t solved by then?

As mentioned, my support ticket has been incredibly painful to deal with because I was just going 'round and 'round and getting absolutely no where with the people there.

Soooo sorry for posting a million times in a row. It looks like the info I got from the google search was wrong. Chrome is sending that cache-control header but I have the setting “Disable Cache while DevTools is open” unchecked.

1 Like

Sorry to bump this, but it says the topic will automatically close soon, and it’s still completely unresolved. :frowning:

Is this suddenly working for you again?

Hi,

Thanks for your reply. Unfortunately not. I just tried that Rebus page and got BYPASS.

So it works for me, but not for you? Every AMP link you’ve posted gives me a MISS/HIT when I curl it.

I tried Firefox and Brave which give me a HIT for:
https://www.daniweb.com/programming/databases/threads/900/rebus/amp