Keep in mind that caching is one of the most important techniques available to speed up your website and save resources.

If you are having cache issues on your website, here’s how you can solve your problems. As you scroll down the page, the options will become more advanced. Check if your problem has been solved before moving to the next step.

  1. Clear the Firewall Cache
  2. Clear the Browser Cache
  3. Set Cache Level to Site Caching
  4. Cache Exceptions & Versioning
  5. Disable Compression
  6. Cron Job
  7. WebHook
  8. Micro-caching
  9. Static Cookieless Sub-domain
  10. Varnish, Squid, Redis, Memcached and Similar
  11. Non-Cached Pages
  12. Mobile Version
  13. Session Cookies
  14. Disable the Cache

1. Clear the Firewall Cache

The first thing to do is to clear the cache from Sucuri Firewall's dashboard.

2. Clear the Browser Cache

Your browser can, and probably will, cache a lot of content to improve your experience, but this can sometimes cause problems. Try clearing the browser cache and cookies, or access the site in incognito mode.

3. Set Cache Level to “Site Caching”

Site Caching Mode

As explained in the Caching Options article, with "Site Caching" the Sucuri Firewall will not cache pages that send no-cache headers, such as "Cache-Control: no-cache". This is the best option if you run a custom CMS, a forum like vBulletin or an eCommerce store.

Most popular applications send the correct cache headers, so authenticated users should not have issues. However, if you notice an issue or want to customize the cache lifetime, you can investigate your application's cache headers.
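One way to investigate those headers is to classify sampled origin responses and flag pages that set a cookie but still look cacheable. This is an added example, not Sucuri's code; the sample responses are constructed, and treating `no-store` and `private` like `no-cache` is an assumption.

```python
# Directives treated as "do not cache". The page names no-cache; treating
# no-store and private the same way is an assumption of this example.
NO_CACHE_DIRECTIVES = {"no-cache", "no-store", "private"}


def header_values(headers, name):
    """All values of a header, matched case-insensitively."""
    return [v for k, v in headers if k.lower() == name.lower()]


def tokens(values):
    """Lower-cased, comma-separated tokens with any '=argument' dropped."""
    found = set()
    for value in values:
        for part in value.split(","):
            token = part.split("=", 1)[0].strip().lower()
            if token:
                found.add(token)
    return found


def classify(headers):
    """Classify one origin response given as a list of (name, value) pairs."""
    if tokens(header_values(headers, "Cache-Control")) & NO_CACHE_DIRECTIVES:
        return "not-cached"          # origin opted out explicitly
    if "cookie" in tokens(header_values(headers, "Vary")):
        return "varies-by-cookie"    # the Vary "Cookie" rule is in place
    if header_values(headers, "Set-Cookie"):
        return "review"              # sets a cookie yet looks cacheable
    return "cacheable"


# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "/about": [("Cache-Control", "public, max-age=300")],
    "/login": [("Cache-Control", "no-cache"), ("Set-Cookie", "sid=abc; HttpOnly")],
    "/forum": [("Vary", "Accept-Encoding, Cookie"), ("Set-Cookie", "sid=abc")],
    "/account": [("Cache-Control", "public, max-age=300"), ("Set-Cookie", "sid=abc")],
    "/protected-post": [("Set-Cookie", "postpass=1; path=/")],
}


def audit(samples):
    """Map each sampled path to its verdict."""
    return {path: classify(headers) for path, headers in samples.items()}


if __name__ == "__main__":
    for path, verdict in audit(SAMPLES).items():
        print(f"{verdict:18} {path}")
```

Paths reported as "review" are candidates for a header fix at the origin or for the Non-Cached URLs list.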

4. Cache Exceptions & Versioning

If you want to disable caching on specific files or directories, there's an easy way to do it without having to disable the entire cache.

Attention: Please don’t add high-traffic pages or directories such as /feed/ to the non-cached URLs. Requests to non-cached URLs are not served from the Firewall cache, so your website will be vulnerable to DDoS attacks.

We will still cache images, .css, .js, .pdf, .txt, .mp3 and a few more extensions on Sucuri Firewall Anycast network locations, regardless of the cache mode or non-cached URLs. The only way to avoid cache entirely is by using Developer Mode, clearing Sucuri Firewall cache or using Versioning.

Versioning is nothing more than adding a query string such as "?ver=123.1" to the file URL and incrementing it (for example, "?ver=123.2") on each update, so you can see the updates as expected.

5. Disable Compression

In rare cases, compression on the Firewall side can conflict with compression on the server side. Disable compression on the Firewall side and check again.

6. Cron Job

If you got here, you are probably wondering what you did wrong. Don’t worry, Sucuri heroes created an API to help you.

Log in to the Firewall dashboard and then go to API -> API Details. There you will see a Clear Cache (WAF API v1) button. Copy the link of the button and create a Cron Job on your server to access the URL every X minutes/hours, as you like.

Let’s say you want to clear the cache every 6 hours, so your Cron Job will look like this:

0 */6 * * * curl "https://waf.sucuri.net/api?v2&k=api_key&s=api_secret&a=clear_cache" >/dev/null 2>&1

Don’t copy this example without replacing api_key and api_secret with your own values. Both of them are available on the Firewall dashboard, menu API -> API Details. If you copied the link of the button mentioned previously, you just need to replace the URL between the "" (quotation marks).

You can generate the Cron Job syntax online: http://crontab-generator.org/ http://www.cronmaker.com/ http://www.crontabgenerator.com/

If you don’t know how to set up a Cron Job on your server, you can learn from the following links:

ATTENTION: You should not clear the cache twice in a row (within a two-minute window) because subsequent requests in a short period of time will be ignored. Cache is very important, so we don’t recommend setting the Cron Job to run every hour. If you do that, it can slow down your site.

If you don’t know how to do this, please open a General Support Request. Your case will be assigned to a trained support agent who will access your server and configure the Cron Job for you.

7. WebHook

You don’t want to use a Cron Job and none of the previous options has resolved your issue. Okey-dokey, let’s try a WebHook.

If you are on WordPress, install and activate the Code Snippets plugin.

  1. Go to Snippets -> Add New on your WordPress admin.
  2. On the Name (short title) field, insert "Sucuri Clear Cache";
  3. On the Code field, insert this code: https://goo.gl/HRHMwm
  4. Between the '' (apostrophes) of $key and $secret, insert your API Key and API Secret, available on the Firewall dashboard, menu API -> API Details;
  5. Press Save Changes and Activate.

Sucuri Clear Cache Snippet

If you are on any other platform, we don’t have ready-made code for you, but the logic is basically the same as the WordPress code:

  1. A function that recognizes changes on the website, like a post update;
  2. A GET request to the Clear Cache URL from the API.

You should speak with your developer to generate this code for you.
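The two-step logic above, sketched in Python for a platform without a ready-made snippet. This is an added example, not Sucuri's code: the hook name `on_content_updated`, the environment variable names and the stamp-file path are hypothetical, and the 120-second throttle follows the two-minute window described in the Cron Job section. Reading the key and secret from the environment keeps them out of the source code.

```python
import os
import time
import urllib.parse
import urllib.request

API_BASE = "https://waf.sucuri.net/api?v2"     # endpoint form from the cron example
MIN_INTERVAL = 120                             # repeat clears inside two minutes are ignored
STAMP_FILE = "/var/lib/myapp/sucuri_last_clear"  # hypothetical path, writable by the app only


def clear_cache_url(key, secret):
    """Build the Clear Cache URL with the key and secret URL-encoded."""
    query = urllib.parse.urlencode({"k": key, "s": secret, "a": "clear_cache"})
    return f"{API_BASE}&{query}"


def should_clear(now, stamp_file=STAMP_FILE, min_interval=MIN_INTERVAL):
    """True when no clear was recorded within the last min_interval seconds."""
    try:
        with open(stamp_file) as fh:
            last = float(fh.read().strip())
    except (OSError, ValueError):
        return True                            # no usable stamp: treat as never cleared
    return now - last >= min_interval


def on_content_updated(fetch=None, now=None, stamp_file=STAMP_FILE):
    """Step 1: call this from the platform's content-saved hook.
    Step 2: it sends the GET request unless a clear happened too recently."""
    now = time.time() if now is None else now
    if not should_clear(now, stamp_file):
        return "skipped"
    # Hypothetical variable names; set them in the service environment.
    url = clear_cache_url(os.environ["SUCURI_API_KEY"],
                          os.environ["SUCURI_API_SECRET"])
    fetch = fetch or (lambda u: urllib.request.urlopen(u, timeout=10).read())
    fetch(url)                                 # raises on failure, so no stamp is written
    with open(stamp_file, "w") as fh:
        fh.write(str(now))
    return "cleared"
```

Because the API carries the key and secret in the query string, avoid logging the full URL when wiring this into an application.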

8. Micro-caching (Max-Age)

If you don’t mind a short delay between updates of your website's dynamic pages, set the Cache Level to “Site Caching” and then install a cache plugin/module in your platform.

In case the Firewall is wrongly caching private pages, add the following code to your .htaccess file:

# BEGIN Cache-Control Headers for Dynamic Requests
    <ifModule mod_headers.c>
        <filesMatch "\.(x?html?|php)$">
            Header append Vary "Cookie"
        </filesMatch>
    </ifModule>
# END Cache-Control Headers for Dynamic Requests

If you don’t know how to do this, please open a General Support Request. Your case will be assigned to a trained support agent who will access your server and configure the .htaccess file for you.

For NGINX or IIS servers, you should speak with your hosting provider to convert those .htaccess lines to NGINX or IIS rules.

9. Static Cookieless Sub-domain

Sometimes you may need to avoid caching of static files, even with Versioning. Since static files, such as CSS, JS and images, don’t make use of cookies, you can create a new sub-domain only to serve static content without cookies and cache. There are a couple of ways to do it, and you can also make use of an external CDN, but as it is a bit tricky to set up, we will not explain it here. Please search for “how to set up a cookieless sub-domain” in a popular search engine to find out how to do it.

10. Varnish, Squid, Redis, Memcached and Similar

One of the main reasons why you are not seeing an updated version of your website content is that your hosting provider/origin server has some caching mechanism in place. We recommend disabling full-page caches such as Varnish/Squid and clearing all other cache systems, like Redis/Memcached (NoSQL family).

11. Non-Cached Pages

Some platforms/tools may not send the right cache headers, such as WordPress password protected pages. In cases like that, you need to insert the page URL into the Non-Cached URLs list. Don't forget to clear Sucuri Firewall cache after adding the URL or it'll not work as expected.

12. Mobile Version

If your website has a mobile version and it isn't working after activating Sucuri Firewall, set the Cache Level to “Site Caching” and add the following code to your .htaccess file:

# BEGIN Cache-Control Headers for Mobile
    <ifModule mod_headers.c>
        <filesMatch "\.(x?html?|php)$">
            Header append Vary "User-Agent"
        </filesMatch>
    </ifModule>
# END Cache-Control Headers for Mobile

This forces the creation of different cached versions of the pages depending on the User Agent.

For NGINX or IIS servers, you should speak with your hosting provider to convert those .htaccess lines to NGINX or IIS rules.

Attention: Mobile version is different from Responsive design. Responsive design is interpreted differently by the browser, but the page content is exactly the same for all user agents. You shouldn't use this code for responsive designed websites.

If you don’t know how to do this, please open a General Support Request. Your case will be assigned to a trained support agent who will access your server and configure the .htaccess file for you.

13. Session Cookies

If your application uses cookies to keep track of member sessions and it isn't working after activating Sucuri Firewall, set the Cache Level to “Site Caching” and add the following code to your .htaccess file:

# BEGIN Prevent Session Cookie Cache
    <ifModule mod_headers.c>
        Header append Vary "Cookie"
    </ifModule>
# END Prevent Session Cookie Cache

This forces the creation of different cached versions of the pages depending on the value sent by the "Set-Cookie" header.

For NGINX or IIS servers, you should speak with your hosting provider to convert those .htaccess lines to NGINX or IIS rules.

14. Disable the Cache

This option must be the last one and should always be avoided.

With the "Disabled" option selected as the Cache Level, the Sucuri Firewall will continue to cache static files such as images, .swf, .css, .js, .pdf, .txt, .mp3, .mp4 and fonts. Keep in mind that if your web server instructs otherwise, for example with "Cache-Control: public, max-age=XXX", the Firewall will follow the instruction and cache for those XXX seconds.

DON’T FORGET: Static files will always be cached by our Firewall, unless you use “Versioning” as explained in step 4 or use the Developer Mode. Another option is to use a sub-domain for the static files, but it is an advanced technique and should be configured by a hired specialist.