#ReCaptcha Page by Litespeed via Hostigner is getting Cached by Cloudflare

Hi all,

I posted about this about a month ago and still looking for help.

Litespeed via Hostigner occassionaly challenges visits to my website and shows a reCAPTCHA challenge. However, Cloudflare is caching this and serving it in a loop and website becomes totally inaccessible unless purging from dashboard.

I am on the Cloudflare pro plan and could really do with some help in some way around to stop this from happening.

The performance boost from cloudflare too much to give it up and moving hosts from Hostinger would be monumental and hostinger refuses to stop the recaptchas as it's a core security feature that cant be changed

Could someone advise?

Did you create a rule in Cloudflare to cache pages? Cloudflare shouldn't cache it by default.

@valid geyser So I have created two rules which are deployed

1. First one: Where I (believe) am instructing cloudflare NOT to cache if either of the cookies in the screenshot are present
2. Second: where I am instructing to no cache if URL contains "Checkout" "Wish-list" or "Cart"

Could it be by making these two rules my interpretation of how cloudflare treats these are wrong and caused this issue inadvertedly? (Other than these two rules I don't have anything else rule-wise

Can you share a URL that you see the issue on? Doesn't need to happen now, I'm just curious to the filetype etc.

@valid geyser It happens on any page, randomly and periodically

website is rapidscooter.co.uk

I took some screenshots of the network tab last time it happened

You're using the Cloudflare Wordpress plugin, that explains why the site is being cached.

Aha? and you are saying I shouldn't use the Cloudflares APO plugin?

No, but I was trying to figure out why the site was cached at all when you only had bypass rules.

Ah I see, both Cloudflare and WP-Rocket (caching plugin I use) recommended i install and use Cloudflares plugin. Guessing you don't have any ideas?

Give me a moment to think please 😉

This might help you:
https://community.cloudflare.com/t/preventing-cache-in-wordpress-apo-on-pages-with-no-cache-header/692725

Haven't tried it myself but it seems reasonable.

Will definitely give that a try

although, I do have one question. From a WordPress point of view this this will modify the headers into an understandable command for Cloudflare to not cache. But when reCAPTCHA is deployed its deployed from server level I guess with it's own headers? Wouldn't cloudflare just cache based on that then?

Oh, you're right. The reCaptcha comes before Wordpress...

I kinda doubt you can influence what headers Hostinger sends there.

I thought it was a Wordpress plugin doing the reCaptcha, but you said it was the host.

Exactly, story of my life in the last 30 days :;)

I reached out to Cloudflare and opened a ticket 24 days ago, they replied first asking for some information, after providing I didn't hear back at all any further despite chasers. Hostinger's support won't help as they don't give that level control to users.

Do you have a dev environment where you can try stuff without risking to expose any private information?

Like a staged env? if so yes

can you try a cache rule where you use if hostname equals staging.example.com

Then
Edge TTL => Use cache-control header if present, bypass cache if not

It's a wild shot though.

replace staging.example.com with like staging.rapidscooter.co.uk?

@valid geyser if you check this screenshot the request URL is the same as my own domain, just renders the server loaded recaptcha page. so doubt this would work. Do you know in this rule what paramter "hostname" is that cloudflare looks at?

Oh hang on, are you saying to use this to sort of override the Cloudflares APO Plugin quirk?

Yes, but I'm not sure if it would work.

It would stop these reCaptcha pages from being cached, but it might break other stuff.

Ill just try this on production site, if it breaks anything i'll revert it quickly

I've thought about it a bit more, I'm pretty sure it's not going to work.

Do you know who might be able to help and I could reachout to potentially?

The problem with Cache Rules is that they operate on the request, not the response.

I'm currently checking with my own Wordpress installation if there is any way to have it respect no-cache headers, but I haven't used that installation in forever, and of course it's not working...

Oh wow, I really appreciate that and that you're puting time in this. Let me know if you find anytning 🙂

I'll need to figure out why the CF plugin isn't working for me anyway 😉 Last time I tried something, it did work...

Hmm, I'm again confused. When I set Cache-Control: no-cache,no-store on my server, Cloudflare doesn't cache the response, even though the plugin is enabled. Why does it cache yours?

Aaaaarghs, it's just the plugin not working again ~.~

How are you setting that, in htaccess?

Yeah, I just don't think APO is going to be compatible with Hostinger if they serve reCaptcha occasionally.

I haven't found a way to make Cloudflare respect the cache-control header. cdn-cache-control works, so maybe you can convince Hostinger to add that header to their Captcha page as well.