Cache eligibility

更新时间:
复制 MD 格式

To bypass the Edge Security Acceleration (ESA) cache for resources that match the default cache rule, create a rule to filter requests and set Cache Eligibility to Bypass Cache.

Note

If no cache rules or configurations are set, caching on ESA points of presence (POPs) follows the default cache rule.

Scenarios

If your origin server has resources that you do not want to cache on ESA POPs, such as dynamic resources where each request must fetch the latest content from the origin, configure a bypass cache rule for those resources. Bypassing the cache for dynamic resources improves access performance.

Cache eligibility rules determine whether a request is cached by ESA edge nodes. Common use cases include:

  • Static resource caching — Improve performance by caching images, CSS, and JavaScript files at edge nodes.

  • Dynamic content bypass — Ensure login pages, APIs, and personalized content are not cached.

  • Dynamic-static separation — Cache static assets while bypassing dynamic requests to the origin server.

  • Selective no-cache — Prevent specific files or paths from being cached.

Procedure

  1. In the ESA console, you can choose Site Management. In the Website column, you can click the target site.

  2. In the navigation pane on the left, choose Rules > Cache Rules.

  3. Click Create Rule and enter a Rule Name.

  4. In the If requests match... section, set the request attributes to match. For more information about how to configure rules, see Composition of a rule expression.

  5. In the Cache Eligibility area, select a cache policy and click OK.

    image

    • Bypass Cache: All requests skip the POP cache and fetch directly from the origin, allowing you to view the latest resources from the origin server in real time. When enabled, only the Browser Cache TTL setting applies.

    • Eligible for Cache: All eligible requests are served from POP cache nodes instead of the origin. This avoids long origin fetch paths, reduces latency, and improves access performance.

Cache eligibility options and limitations

Bypass Cache

When Bypass Cache is selected:

  • Matching requests are forwarded directly to the origin server without being stored at ESA edge nodes.

  • Only the Browser Cache TTL setting takes effect. Other cache-related features (such as Cache Deception Defense and Serve Stale Content) are disabled for this rule.

  • ESA does not support configuring no-cache behavior based on HTTP response headers (such as X-Fallback) or HTML comment markers. Use request-header-based or URL-based match conditions instead.

Default cache behavior

When no cache rules are configured, or when no rule matches a request, ESA applies the following default behavior:

  • Requests follow the ESA default cache policy.

  • Dynamic requests with URLs ending in / are forwarded to the origin server by default.

  • When the origin server returns a no-cache response header, the response is not cached.

Advanced cache features

The following features are disabled by default and must be manually enabled in a cache rule:

  • Cache Deception Defense: Protects against cache deception attacks.

  • Serve Stale Content: Allows ESA to serve stale cached content when the origin is temporarily unavailable.

Common configuration examples

The following examples cover high-frequency scenarios for configuring cache eligibility.

Example 1: Bypass cache for dynamic APIs

Scenario: Prevent dynamic API endpoints from being cached at edge nodes.

Configuration:

  • Match Condition: URL path contains /api, OR URL path contains /prod-api/, OR file name extension equals php

  • Cache Eligibility: Bypass Cache

Note

When specifying file name extensions, do not include the dot. Enter php, not .php.

Example 2: Bypass cache for admin and login pages

Scenario: Prevent WordPress admin pages, CMS management interfaces, or login endpoints from being cached.

Configuration:

  • Match Condition: URL path contains /wp-admin, OR URL path contains /admin, OR URL path contains /login

  • Cache Eligibility: Bypass Cache

Important

Place this rule at the top of the rule list to ensure it takes priority over general static resource caching rules.

Example 3: Cache SPA root path

Scenario: ESA does not cache extension-free URLs (such as /) by default. To cache text/html content for single-page applications (SPAs):

Configuration:

  • Match Condition: Request header Accept contains text/html

  • Cache Eligibility: Eligible for Cache

  • Cache TTL: Set according to your SPA update frequency.

Example 4: Bypass cache for specific files

Scenario: Prevent specific files such as sitemap.xml from being cached.

Configuration:

  • Match Condition: URL path contains sitemap (without file name extension), OR file name extension equals xml (enter xml, not .xml)

  • Cache Eligibility: Bypass Cache

Example 5: Dynamic-static separation

Scenario: Cache static assets while ensuring dynamic requests are forwarded to origin.

Recommended approach:

  1. Delete any existing full-site cache rules.

  2. Create a rule to cache static resources. For example, match file name extension equals one of jpg, png, css, or js.

  3. Create a separate rule to bypass cache for dynamic API endpoints. For example, match URL path contains /api.

This approach prevents dynamic requests from being accidentally cached.

Configuration notes

  • One cache TTL per rule — A single cache rule can only define one cache TTL. If different file name extensions or directories require different cache durations, create a separate rule for each.

  • Rule independence — Disabling or deleting a specific cache rule does not affect caching behavior for other resources. ESA continues to match remaining rules in order.

  • Reducing origin load — Configure bypass cache rules for dynamic content and enable cache rules for static resources to minimize requests forwarded to the origin server.

FAQ

Why does my bypass cache rule not take effect?

Check the following:

  1. Incorrect match condition: Verify the rule expression. Common mistakes include:

    • An OR condition unintentionally matches requests from other domains.

    • File name extension or path values are formatted incorrectly. For example, .php instead of php.

  2. Missing request characteristics: If the rule depends on a specific request header (such as sec-fetch-site), confirm that actual client requests include this header.

  3. Insufficient rule priority: ESA evaluates rules from top to bottom. If the bypass cache rule is positioned below a long-TTL caching rule, the earlier rule may match first. Move the bypass cache rule to a higher position in the list.

  4. Cache not flushed after rule change: After modifying rules, flush affected URLs or directories in the ESA console. Refreshing your browser does not invalidate content cached at edge nodes.

  5. Plan limitations: The Free Edition may not guarantee consistent rule enforcement. Consider upgrading to a paid plan.

  6. Verification approach: Check the Server response header to confirm whether requests are being processed by ESA edge nodes. Use an incognito browser window to eliminate local browser cache interference.

Why can't I log in, or why do pages redirect incorrectly after enabling ESA?

Cause: This typically occurs when a full-site cache rule or an improperly configured cache rule causes login cookies, session data, or dynamic API responses to be cached at ESA edge nodes.

Resolution:

  1. Suspend or delete any suspicious full-site cache rules.

  2. Create Bypass Cache rules specifically for login pages, CAPTCHA endpoints, and admin paths. Position these rules at the top of the rule list to give them the highest priority.

  3. In the ESA console, flush the cache for the affected URLs.

  4. Verify the fix using an incognito browser window.

If the issue persists after configuration is correct: Check your origin server business logic. For example, verify that 302 redirect logic correctly identifies the login state. If the origin server is not correctly handling login state, this is outside the scope of ESA.

What is the difference between "equals" and "contains" in match conditions?

Match type

Behavior

Equals

Exact match of the specified URL path. Also automatically matches all sub-paths. For example, configuring /test/_nuxt/ with Equals also matches resources under /test/_nuxt/chunk-abc.js.

Contains

Fuzzy match. Any URL that includes the specified string anywhere is matched.

For hostname matching, both Equals and Contains produce equivalent results and can be used interchangeably.

Why does enabling cache rules make probing succeed, but disabling them causes timeouts?

When cache rules are active, ESA edge nodes serve requests directly from cache, reducing load on the origin server.

When cache rules are disabled, all requests — including high-volume dynamic requests — go directly to the origin server in real time. Under high-concurrency load testing, this can overwhelm the origin server and cause request timeouts.

This behavior reflects an origin server performance bottleneck, not an ESA issue. To address this:

  • Configure cache rules to reduce the volume of requests forwarded to origin.

  • Enable JS Challenge or Intelligent Rate Limiting to protect the origin server from excessive concurrent requests.

Related documentation

Rule-related features vary in effective priority, reentrancy, and effective granularity. For details, see Properties of Rule-Related Features.