If you are having caching issues on your website, here’s how you can solve your problems. As you scroll down the page, the options will become more advanced. Check if your problem was solved before moving to the next step.
1. Clear the Firewall Cache
The first thing to do is to clear the cache from Sucuri's dashboard.
2. Clear the Browser Cache
Your browser can, and probably will, cache lots of stuff in order to improve your experience, but it could be a problem sometimes. Try to clear the browser cache & cookies or access using the incognito mode.
3. Set Cache Level to “Site Caching”
As explained on the Caching Options article, with "Site Caching", the Sucuri Firewall will not cache page content for logged in users. This is the best option if you run a custom CMS, a forum like vBulletin or an eCommerce store. Cache-Control headers sent by your web server will be respected.
Most of the applications sends the right cache headers, however if you notice an issue, you can Investigate if your server is sending the right cache headers.
4. Cache Exceptions & Versioning
If you want to disable caching on specific files or directories, there's an easy way to do it without having to disable the entire cache.
Attention: Please, don’t insert high traffic pages/directories like /feed/ on the non-cache URL. Your website will be vulnerable to DDoS attacks.
We will still cache images, .css, .js, .pdf, .txt, .mp3 and a few more extensions on Sucuri's anycast network locations, regardless of the cache mode or non-cached URLs. The only way to flush/clear the cache for these is by cleaning Sucuri Firewall cache or using Versioning.
Versioning is nothing more than adding a query string such as "?ver=123.1" and incrementing (such as ?ver=123.2) on each update so you can see the updates as expected. It is very useful during development.
5. Disable Compression
In rare cases, the compression on the Firewall side can conflict with the compression on the server side. Disabling the compression on the Firewall side could help on these cases.
6. Cron Job
If you got there, you are probably wondering what you did wrong. Don’t worry, Sucuri heroes created an API to help you.
Login to the Firewall dashboard and then go to API -> API Details. There you will see a Clear Cache (CloudProxy API v1) button, copy the link of the button and create a Cron Job on your server to access the URL every X minutes/hours you like.
Let’s say you want to clear the cache every 6 hours, so your Cron Job will look like this:
0 */6 * * * curl "https://waf.sucuri.net/api?v2&k=api_key&s=api_secret&a=clear_cache" >/dev/null 2>&1
Don’t copy this example without changing your
api_secret. Both of them are available on the Firewall dashboard, menu API -> API Details. If you copied the link of the button mentioned previously, you just need to replace the URL between "" (quotation marks).
You can generate the Cron Job syntax online: http://crontab-generator.org/ http://www.cronmaker.com/ http://www.crontabgenerator.com/
If you don’t know how to setup a Cron Job on your server, you can learn from the following links:
ATTENTION: You shouldn't clear the cache twice in a row (with a two minutes window) because subsequent requests in a short period of time will be ignored. Cache is very important, so we don’t recommend setting the Cron Job to run every hour. If you do that, it can slow down your site.
If you don’t know how to do this, please open a General Support Request. Your case will be assigned by a trained support agent that will access your server and configure the Cron Job for you.
You don’t want to use Cron Job and none of the previous options has resolved your issue. Okey-dokey, let’s try a WebHooks.
If you are on WordPress, install and activate Code Snippets plugin.
- Go to Snippets -> Add New on your WordPress admin.
- On Name (short title) field, insert "Sucuri Clear Cache”;
- On the Code field, insert the code below: https://pastebin.sucuri.net/mld3ky52fhr8wcp
- Between the '' (apostrophes) of
$secret, insert your API Key and API Secret, available on the Firewall dashboard, menu API -> API Details;
- Press Save Changes and Activate.
If you are on any other platform, we don’t have a ready code for you, but the logic is basically the same as the WordPress code:
- Function that recognize changes on the website, like an post update;
- GET request to the Clear Cache URL from API;
You should speak with your developer to generate this code for you.
8. Microcaching (Max Age)
If you don’t mind to have an quick delay between the updates of your website dynamic pages, set the Cache Level on “Site Caching” and then put those lines on your .htaccess file:
# BEGIN Cache-Control Headers for Dynamic Requests <ifModule mod_headers.c> <filesMatch "\.(x?html?|php)$"> Header set Cache-Control "public, max-age=120" </filesMatch> </ifModule> # END Cache-Control Headers for Dynamic Requests
If you don’t know how to do this, please open a General Support Request. Your case will be assigned by a trained support agent that will access your server and configure the .htaccess file for you.
For NGINX servers, you should speak with your hosting provider to convert those .htaccess lines to NGINX rules.
9. Static Cookieless Sub-domain
10. Disable the Cache
This option must be the last one and should always be avoid.
With the "Disabled" option selected as the Cache Level, the Sucuri Firewall will continue to cache static files such as images, .swf, .css, .js, .pdf, .txt, .mp3, .mp4 and fonts. Keep in mind that if your web servers instructs otherwise, like "Cache-Control: public, max-age=XXX" the Firewall will follow the instruction and cache for that XXX seconds.
DON’T FORGET: Static files will always be cached by our Firewall, unless you use “Versioning” as explained on 4º step. Another option is to use a sub-domain for the static files, but it is an advanced technique and should be configured by a hired specialist.