# Cloudflare Setup If you use Cloudflare in front of smoxy, there are two things you need to configure to avoid conflicts: image caching and cache invalidation. *** ### Image Optimization When smoxy converts images to WebP or AVIF, it changes the `Content-Type` header but keeps the original file extension. Cloudflare caches based on file extension, not Content-Type — so an AVIF image may be cached under a `.jpg` extension, causing browsers to receive the wrong format. **Fix:** Create a Cloudflare Cache Rule that bypasses cache for image files. **Cache Rule expression:** ``` (ends_with(http.request.uri.path, ".png")) or (ends_with(http.request.uri.path, ".jpeg")) or (ends_with(http.request.uri.path, ".jpg")) or (ends_with(http.request.uri.path, ".gif")) or (ends_with(http.request.uri.path, ".webp")) or (ends_with(http.request.uri.path, ".avif")) ``` Set the action to **Bypass Cache** for matching requests. Additionally, if you have a Cloudflare Pro or Business plan, disable **Cloudflare Polish** (image optimization) to avoid double optimization. *** ### Cache Invalidation smoxy uses `BAN` and `PURGE` HTTP methods to invalidate cached content. Cloudflare can interfere with these requests in two ways: * **BAN requests** — Cloudflare's DDoS protection may block them if many are sent in a short time * **PURGE requests** — Cloudflare blocks these entirely, and no WAF rule can override this **Fix:** Create a subdomain with Cloudflare's proxy disabled (DNS-only mode) and send your invalidation requests through it. #### Setup 1. In Cloudflare DNS, add a new record for a subdomain (e.g. `smoxy.example.com`) 2. Set the proxy toggle to **DNS only** (grey cloud icon) — this means Cloudflare does not proxy requests to this subdomain 3. Point the record to smoxy #### Does the subdomain need to be configured in smoxy? No. If your main domain (e.g. `example.com`) is already set up in smoxy and assigned to a site, all subdomains are automatically routed through the same site. The invalidation subdomain will use your existing site configuration. #### Usage Send your invalidation requests to the subdomain instead of the main domain: ```bash curl -X BAN -H "secret: " -H "tags: products" https://smoxy.example.com/ ``` This bypasses Cloudflare entirely, so BAN and PURGE requests reach smoxy without being blocked.