Hi all, I’ve just started using Cloudflare. I am an entrepeneur not a developer/programmer and I am just using Cloudflare to prevent DOS.
After doing some research I heard the best thing is to set a page rule called “no-cache” for my website which will enable the best of both worlds for my users (security & smooth experience).
I went to the page rules section, got stuck, looked online for a tutorial and couldnt find anything.
So I am wondering does anyone know how I can set no-cache for my domain?
For example like how cache-control has been set in this thread: BYPASS when rule says cache everything
I can guide you through setting up a “no-cache” page rule in Cloudflare to enhance security and provide a smoother experience for your users. While you’re using Cloudflare to prevent DDoS attacks, it’s important to strike a balance between security and optimizing user experience.
Here’s how you can set up a “no-cache” page rule in Cloudflare:
Log in to your Cloudflare account.
Once logged in, navigate to the "Page Rules" section in the Cloudflare dashboard.
Click on the "Create Page Rule" button to start creating a new rule.
In the "If the URL matches" field, enter the URL pattern for which you want to apply the "no-cache" rule. This could be something like https://yourdomain.com/* to apply the rule to your entire website.
Click on the "Add a Setting" button to configure the rule's action.
Choose the "Cache Level" option and select "Bypass."
Click on the "Save and Deploy" button to save the page rule.
This “no-cache” page rule will prevent Cloudflare from caching the content of the URLs that match the pattern you specified. This can be beneficial for dynamic content or pages that should always reflect the most up-to-date information.
Remember that while “no-cache” can provide the latest content to your users, it might also increase the load on your server since Cloudflare won’t serve cached content. You might want to test the impact of this rule on your server’s performance and user experience.
If you’re interested in optimizing the cache settings for your website, you might consider consulting with a web developer or a technical expert who can provide more personalized advice based on your specific needs and website architecture.
Who told you so? And why did you think it was a good advice? What’s the use case? A good caching policy is a fundamental part of any website’s security, especially if you’re thinking DDoS protection. Cloudflare caches static files (images, CSS, JS files, etc.) by default, but does not cache HTML, leaving it up to website admins to decide whether they want to cache HTML as well. You should not implement any “no-cache” rule unless you have a sound reason to do so.
Thanks for your response. Regarding setting a Bypass rule, my concern is that doing a Bypass to the cache is less secure than doing Nocache.
Based on what I’ve read below, doing No-cache still requires the browser to validate a response before caching content. With Bypass it will just let everything through, which increases the security risks of unvalidated or DDOS type traffic.
Here’s the links to the info I found:
Also I appreciate your response @cbrandt . As adebayo mentioned above, I am looking to keep the dynamic content (comments) on my site up-to-date.
My site is very simple. It has static images and text for the “articles” and comment fields so that people can add their thoughts.
I totally understand your breakdown on the fundamentals of good caching. But my concern is if I dont set no-cache then replies to comments will be missed which will interfere with the user experience.
I am very open to changing my mind if you can help guide me to where I am misunderstanding. Maybe when you say html is not cached that means comments wont be cached?