New Cloudflare cache rules beta allowed wordpress users to bypass cache on cookie, no need for paid rule and APO.
1st set cache level everything in page rules. (its really complicated after enabling)
2nd go cache rules beta
add following 4 rules recommend by isoumya
mycase, even after i enabled the APO $5 month bypass on cookie not working. caching also not working on new website. old one wprked fine. but i added below rules as a 2nd layer option.
go to Caching > Cache Rules.
Then inside the Cache Rules page, click on the Create Cache Rule button. Then finally on the Create new Cache Rule page, click on the Edit Expression link.
Make sure you replace example.com with your actual website hostname e.g. something.com or www.something.com etc. in the code given below before copy/pasting it.
Rule Name: Add the following in the Rule Name section Cache Bypass — WP Admin Paths, WooCommerce API, EDD API Endpoints
Rule Expression: Add the following expression inside the expression builder section.
(
http.host eq "example.com" and
(starts_with(http.request.uri.path, "/wp-admin") or starts_with(http.request.uri.path, "/wc-api/") or starts_with(http.request.uri.path, "/edd-api/"))
)
Cache Status: Set it to Bypass Cache.
Rule 2 ➜ Cache Bypass — XML, XSL & PHP Files
Rule Name: Add the following in the Rule Name section Cache Bypass — XML, XSL & PHP Files
Rule Expression: Add the following expression inside the expression builder section.
(
http.host eq "example.com" and
(http.request.uri.path contains ".xsl" or http.request.uri.path contains ".xml" or http.request.uri.path contains ".php")
)
Cache Status: Set it to Bypass Cache.
Rule 3 ➜ Cache Bypass — Default Bypass Cookies
Rule name: Add the following in the Rule Name section Cache Bypass — Default Bypass Cookies
Rule Expression: Add the following expression inside the expression builder section.
(
http.host eq "example.com" and
(http.cookie contains "wordpress_logged_in_" or http.cookie contains "comment_" or http.cookie contains "woocommerce_" or http.cookie contains "wordpressuser_" or http.cookie contains "wordpresspass_" or http.cookie contains "wordpress_sec_" or http.cookie contains "yith_wcwl_products" or http.cookie contains "edd_items_in_cart" or http.cookie contains "it_exchange_session_" or http.cookie contains "comment_author" or http.cookie contains "dshack_level" or http.cookie contains "auth_" or http.cookie contains "noaffiliate_" or http.cookie contains "mp_session" or http.cookie contains "xf_" or http.cookie contains "mp_globalcart_") and
not http.request.uri.path contains "."
)
Cache Status: Set it to Bypass Cache.
Rule 4 ➜ Cache Eligible Requests & Ignore Unnecesary Query Params from cacheKey
Rule name: Add the following in the Rule Name section Cache Eligible Requests & Ignore Unnecesary Query Params from cacheKey
Rule Expression: Add the following expression inside the expression builder section.
(http.host eq "example.com" and not starts_with(http.request.uri.path, "/wp-admin") and not starts_with(http.request.uri.path, "/wp-json/") and not starts_with(http.request.uri.path, "/wc-api/") and not starts_with(http.request.uri.path, "/edd-api/") and not http.request.uri.path contains ".xsl" and not http.request.uri.path contains ".xml" and not http.request.uri.path contains ".php" and not http.request.uri.query contains "s" and not http.cookie contains "wordpress_logged_in_" and not http.cookie contains "comment_" and not http.cookie contains "woocommerce_" and not http.cookie contains "wordpressuser_" and not http.cookie contains "wordpresspass_" and not http.cookie contains "wordpress_sec_" and not http.cookie contains "yith_wcwl_products" and not http.cookie contains "edd_items_in_cart" and not http.cookie contains "it_exchange_session_" and not http.cookie contains "comment_author" and not http.cookie contains "dshack_level" and not http.cookie contains "auth_" and not http.cookie contains "noaffiliate_" and not http.cookie contains "mp_session" and not http.cookie contains "xf_" and not http.cookie contains "mp_globalcart_")
Cache Status: Set it to Eligible for cache.
all rules f0r copying at a time replace with your website
downnload the txt file replace example.com with your domain and mnualy create rules in cloudflare.
(
http.host eq "nursejobalert.com" and
(starts_with(http.request.uri.path, "/wp-admin") or starts_with(http.request.uri.path, "/wc-api/") or starts_with(http.request.uri.path, "/edd-api/"))
)
(
http.host eq "nursejobalert.com" and
(http.request.uri.path contains ".xsl" or http.request.uri.path contains ".xml" or http.request.uri.path contains ".php")
)
(
http.host eq "nursejobalert.com" and
(http.cookie contains "wordpress_logged_in_" or http.cookie contains "comment_" or http.cookie contains "woocommerce_" or http.cookie contains "wordpressuser_" or http.cookie contains "wordpresspass_" or http.cookie contains "wordpress_sec_" or http.cookie contains "yith_wcwl_products" or http.cookie contains "edd_items_in_cart" or http.cookie contains "it_exchange_session_" or http.cookie contains "comment_author" or http.cookie contains "dshack_level" or http.cookie contains "auth_" or http.cookie contains "noaffiliate_" or http.cookie contains "mp_session" or http.cookie contains "xf_" or http.cookie contains "mp_globalcart_") and
not http.request.uri.path contains "."
)
(http.host eq "nursejobalert.com" and not starts_with(http.request.uri.path, "/wp-admin") and not starts_with(http.request.uri.path, "/wp-json/") and not starts_with(http.request.uri.path, "/wc-api/") and not starts_with(http.request.uri.path, "/edd-api/") and not http.request.uri.path contains ".xsl" and not http.request.uri.path contains ".xml" and not http.request.uri.path contains ".php" and not http.request.uri.query contains "s" and not http.cookie contains "wordpress_logged_in_" and not http.cookie contains "comment_" and not http.cookie contains "woocommerce_" and not http.cookie contains "wordpressuser_" and not http.cookie contains "wordpresspass_" and not http.cookie contains "wordpress_sec_" and not http.cookie contains "yith_wcwl_products" and not http.cookie contains "edd_items_in_cart" and not http.cookie contains "it_exchange_session_" and not http.cookie contains "comment_author" and not http.cookie contains "dshack_level" and not http.cookie contains "auth_" and not http.cookie contains "noaffiliate_" and not http.cookie contains "mp_session" and not http.cookie contains "xf_" and not http.cookie contains "mp_globalcart_")
API Key example
7dbd717a40098f97e3d5d6de23ddbed92519a (sample)
if you are using Super Page Cache for Cloudflare plugin
Remove Cache Buster Query Parameter option in the plugin settings & Purge the whole Cloudflare Cache
Inside the Super Page Cache for Cloudflare plugin settings, go to the Other tab and scroll down. You will see an option named Remove Cache Buster Query Parameter.
source : https://gist.github.com/isaumya/af10e4855ac83156cc210b7148135fa2
Trobuleshooting
Edge cache ttl by deafult respects heders you rewrite them in edge cache ttl in 4 th rule.