Requests being cached when they should not be

I am developing an API on a development server proxied behind Cloudflare. I have taken these steps to ensure that API requests are never cached:

  • Development mode has been enabled and is not expired
  • I have added a page rule for <my_domain>/api/ with settings set to Cache Level: Bypass
  • As a debugging step, I have purged the cache several times

Even with these steps taken, Cloudflare is still serving an hours-old 404 page that my origin server spat up due to a configuration error. If I connect directly to the origin, bypassing Cloudflare, the request is processed correctly.

What could be the issue?

Have you already tried purging your local cache? (

When doing API development, I do not operate with a local cache, since it wreaks havoc on live updates. I use Postman, and as soon as I noticed something fishy, I started running requests with CURL instead.

What’s the domain/URL?

What’s the CF-Cache-Status header you’re getting back from your requests?

This indicates it isn’t being cached by Cloudflare and is served by your origin.

1 Like

I would agree, but making a POST request to a different endpoint causes some strange behavior. Looking in my nginx access.log, I can see clearly that the request succeeded, returned 201 and a short JSON object, but CURL sees a 404 and the stale error page. To me, it seems that Cloudflare is not returning the same content that my origin is sending back.

As with before, directly connecting to the origin and making the request works perfectly.

On further investigation, I’ve found that the nginx proxy in front of the API server is returning a 404 because Cloudflare is making the request to port 80 instead of 443 (despite the original request being made to port 443, and the API is set up to operate only on port 443 (and with good reason - it returns sensitive data).

In order to fix this, I had to set up a page rule to set SSL to Strict for that hostname only. Our SSL mode is still set to Flexible, since we’re still in the process of migrating away from a legacy hosting service that does not support SSL.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.