My Cache Rule is not caching
By all accounts this looks correct to me, but none of my js asset requests are getting cached. All requests always return:
HTTP/2 200
date: Tue, 30 Jul 2024 01:33:38 GMT
content-type: application/javascript; charset=UTF-8
cf-ray: 8ab19a07fb32452f-ATL
cf-cache-status: DYNAMIC
cache-control: public, max-age=31536000, immutable
etag: W/"2079-19101337ff0"
last-modified: Tue, 30 Jul 2024 01:13:58 GMT
vary: Accept-Encoding, Accept-Encoding
rndr-id: d18e9e55-0c06-4273
x-render-origin-server: Render
server: cloudflare
alt-svc: h3=":443"; ma=86400
What am I doing wrong here? This is supposed to be cacheing but it's not
22 Replies
you didn't give the request url but I doubt
query is what you want, this would for example not match
mycoolsite.com/_next/static/coolcookies.js, and would match mycoolsite.com/_next/static/virus.php?7=.js
you could either use uri.path or use uri.path.extension which is just the extension without the dot https://developers.cloudflare.com/ruleset-engine/rules-language/fields/, would make more sense. Cloudflare does cache javascript/css by default unless you've overridden that though https://developers.cloudflare.com/cache/concepts/default-cache-behavior/shouldnt these be cached automatically? https://developers.cloudflare.com/cache/concepts/default-cache-behavior/#default-cached-file-extensions
Cloudflare Docs
Default Cache Behavior · Cloudflare Cache (CDN) docs
Cloudflare respects the origin web server’s cache headers in the following order unless an Edge Cache TTL cache rule overrides the headers. Refer to …
Im just confused why everytihing is coming back as DYNAMIC
that's what I said in the last part of my message
I went even simpler:
(http.request.uri.path.extension eq "js") or (http.request.uri.path.extension eq "css")
❯ curl -I https://brguide.com/_next/static/chunks/pages/cities-3eb776db6a4e58b9.js
HTTP/2 502
date: Tue, 30 Jul 2024 01:47:39 GMT
content-type: text/html; charset=utf-8
cf-ray: 8ab1ae950d6b1389-ATL
cf-cache-status: DYNAMIC
rndr-id: a7decaba-9b4d-4c95
x-render-routing: dynamic-paid-error
server: cloudflare
alt-svc: h3=":443"; ma=86400
still dynamic
You can pass the url through trace (account level option) and see if it's hitting any other rule blocking/stopping it from being cached
errors
oh is this a cf partner?
cf partner?
oh the host? its render.com
yea render is a partner, they use cf for saas/ssl for saas
well that sucks
so theres no way for me to change cache settings at cloudflare
The old SSL for SaaS/CF For SaaS setup some partners used like Shopify had a lot of restrictions like those, I think cache was included?
I mean if the record is proxied in Cloudflare under DNS -> Records, and you don't have any other page rules/cache rules at all, then yea that's all that is left
I am using cloudflare, I have the dns record proxied
i have cache rules setup
not sure why this shouldnt work if cloudflare is the proxy in front of render host
You don't have any others that disable caching/then the one you showed?
one rule
because they're not a normal origin, cf for saas is special. The first version which shopify and a few others used (for legacy limitations I assume) essentially skipped your zone config and used theirs instead (because they've got a cf zone too). The new CF for SaaS version can apply both
Shopify is the biggest which does it
Used to be able to email a PM working on O2O stuff to get a special feature enabled which let you apply both configurations: https://community.cloudflare.com/t/status-of-shopify-o2o-for-non-enterprise-cloudflare-users/382415/14?u=chaika, that was more about shopify though
render is saying that because its an O2O setup, the customer zone config shoudl be applied first?https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/#with-o2o
Cloudflare Docs
How Orange-to-Orange (O2O) works · Cloudflare for Platforms docs
Orange-to-Orange (O2O) is a specific traffic routing configuration where traffic routes through two Cloudflare zones: the first Cloudflare zone is …
depends if using old ssl for saas stuff or new cf for saas stuff
basically old partners vs new partners/diff setups, the docs kind of flatten them together
they might not know, render is newer though so it'd be kind of weird if they were on the legacy version. What URL did you try to trace?
lol I played around with their magic for a bit because I was curious. If what I found is actually the case, you're using the A Record / Single IPv4 they gave you. Switch it out to the CNAME option and your config will apply (CF lets you use CNAMEs on apex, you can change the type/target and not encounter any downtime). Not sure why, some SaaS Magic I assume. I know those dedicated IPs/Apex Proxying is all custom
Edited: I asked and apparently O2O (applying your config) just doesn't work with anything but the CNAME option with CF for SaaS, good to know for the future.
THAT WAS IT
oh man, you rock. Thanks for digging in
these instructions are very deceiving, i'll let them know
not sure why we were setup with an A name, we've been a customer for a long time