PHPackages                             nexxai/laravel-cfcache - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Caching](/categories/caching)
4. /
5. nexxai/laravel-cfcache

ActiveLibrary[Caching](/categories/caching)

nexxai/laravel-cfcache
======================

A handful of Cloudflare cache helpers for Laravel

v1.5.0(4w ago)13314.7k↓19.6%8[1 issues](https://github.com/nexxai/laravel-cfcache/issues)[1 PRs](https://github.com/nexxai/laravel-cfcache/pulls)MITPHPPHP ^8.3CI passing

Since Oct 21Pushed 4w ago10 watchersCompare

[ Source](https://github.com/nexxai/laravel-cfcache)[ Packagist](https://packagist.org/packages/nexxai/laravel-cfcache)[ RSS](/packages/nexxai-laravel-cfcache/feed)WikiDiscussions main Synced 4d ago

READMEChangelog (10)Dependencies (24)Versions (19)Used By (0)

 [![Build Status](https://github.com/nexxai/laravel-cfcache/workflows/Build/badge.svg)](https://github.com/nexxai/laravel-cfcache/actions) [![Latest Stable Version](https://camo.githubusercontent.com/63f2b0e659acb5fc43c270be68190c8d8cf985df33369447c7663b13325e6dab/68747470733a2f2f706f7365722e707567782e6f72672f6e65787861692f6c61726176656c2d636663616368652f762f737461626c652e737667)](https://packagist.org/packages/nexxai/laravel-cfcache) [![License](https://camo.githubusercontent.com/5087d89f52b0e66b7baf4f088b2883addef03ddfb4bb48a19ded81697b144c92/68747470733a2f2f706f7365722e707567782e6f72672f6e65787861692f6c61726176656c2d636663616368652f6c6963656e73652e737667)](https://github.com/badges/poser/blob/master/LICENSE)

Laravel Cloudflare Cache
========================

[](#laravel-cloudflare-cache)

This package provides tools to manage Cloudflare integration with your Laravel application. It includes commands for generating Cloudflare security rules and purging cached content.

The WAF rule generation was inspired by Jason McCreary's tweet:

Requirements
------------

[](#requirements)

A Laravel application running Laravel 12 or higher. *Not running a stable version of Laravel?* [Upgrade with Shift](https://laravelshift.com).

Installation / Updating
-----------------------

[](#installation--updating)

You can install this package by running the following command:

```
composer require -W nexxai/laravel-cfcache
```

To publish the configuration file (needed for WAF rule syncing):

```
php artisan vendor:publish --tag=cfcache-config
```

### Basic Usage

[](#basic-usage)

#### WAF Rule Generation

[](#waf-rule-generation)

Generate the WAF rule expression for your Laravel routes:

```
php artisan cloudflare:waf-rule
```

Once generated, you can copy and paste the expression into your domain's security rules by going to Security -&gt; Security Rules -&gt; Create Rule -&gt; Custom Rule -&gt; Edit expression

#### Cache Purging

[](#cache-purging)

Purge all cached content or specific paths/routes:

```
# Purge all cache
php artisan cloudflare:purge --all

# Purge all cache without confirmation
php artisan cloudflare:purge --all --force

# Purge specific paths (absolute or relative, separated by spaces, wildcards supported)
php artisan cloudflare:purge / /about https://example.com/faq https://example.com/our-team/*

# Purge by route names
php artisan cloudflare:purge --route=home --route=users.index --route=auth.login

# Purge everything under one or more URL prefixes
php artisan cloudflare:purge --prefix=www.example.com/

# Purge everything cached for one or more hosts
php artisan cloudflare:purge --host=www.example.com

# Schedule a purge for later
php artisan cloudflare:purge /about --schedule="2026-06-03 10:00:00"
php artisan cloudflare:purge --route=home --schedule="tomorrow 02:00"
```

Please see the [Notes](#notes) section below for additional information and examples, and potential gotchas.

### Advanced Usage

[](#advanced-usage)

#### Cloudflare API Configuration

[](#cloudflare-api-configuration)

To use the live Cloudflare features, you need to configure your Cloudflare API credentials. Add the following to your `.env` file:

```
CFCACHE_API_TOKEN=your-api-token-here
CFCACHE_ZONE_ID=your-zone-id-here
```

#### Getting Your Cloudflare Credentials

[](#getting-your-cloudflare-credentials)

1. **API Token**:

    - Go to [Cloudflare Dashboard](https://dash.cloudflare.com/profile/api-tokens)
    - Click "Create Token"
    - Use the "Custom token" template
    - Name the token "CFCache package token"
    - Based on the features you need, grant the following permissions:
        - **WAF rules**: Zone -&gt; Firewall Services -&gt; Edit
        - **Cache purging**: Zone -&gt; Cache Purge -&gt; Purge
    - Include your specific zone(s) in the Zone Resources
    - Create the token and copy it to your `.env` file as `CFCACHE_API_TOKEN`
2. **Zone ID**:

    - Go to your domain's overview page in Cloudflare
    - Find the Zone ID in the right sidebar under "API"
    - Copy it to your `.env` file as `CFCACHE_ZONE_ID`

Note

You may create a single token that applies to multiple zones, but ensure that you use the correct zone ID as the `CFCACHE_ZONE_ID` in each respective app's `.env` file.

#### Sync to Cloudflare API

[](#sync-to-cloudflare-api)

Automatically create or update the WAF rule in Cloudflare:

```
php artisan cloudflare:waf-rule --sync
```

#### Configuration

[](#configuration)

After publishing the configuration file, you can customize additional settings in `config/cfcache.php`:

```
return [
    'api' => [
        'token' => env('CFCACHE_API_TOKEN'),
        'zone_id' => env('CFCACHE_ZONE_ID'),
        'settings' => [
            'base_url' => env('CFCACHE_API_BASE_URL', 'https://api.cloudflare.com/client/v4'),
            'timeout' => env('CFCACHE_API_TIMEOUT', 30),
            'retry_attempts' => env('CFCACHE_API_RETRY_ATTEMPTS', 3),
            'retry_delay' => env('CFCACHE_API_RETRY_DELAY', 1000),
        ],
    ],

    'scheduled_purges' => [
        'file' => env('CFCACHE_SCHEDULED_PURGES_FILE', storage_path('app/laravel-cfcache/scheduled-purges.json')),
    ],

    'features' => [
        'waf' => [
            'rule_identifier' => env('CFCACHE_RULE_ID', 'laravel-waf-rule'),
            'rule_description' => env('CFCACHE_RULE_DESCRIPTION', 'Valid Laravel Routes'),
            'rule_action' => env('CFCACHE_RULE_ACTION', 'block'),
            'hostnames' => env('CFCACHE_RULE_HOSTNAMES') ? array_filter(array_map('trim', explode(',', env('CFCACHE_RULE_HOSTNAMES')))) : [],
            'ignorable_paths' => ['/_dusk/*'],
            'forced_allowed_paths' => [],
        ],
    ],
];
```

#### Available Rule Actions

[](#available-rule-actions)

- `block` - Block the request entirely
- `challenge` - Present a challenge to the visitor
- `js_challenge` - Present a JavaScript challenge
- `managed_challenge` - Use Cloudflare's managed challenge
- `allow` - Allow the request
- `log` - Log the request without taking action
- `bypass` - Bypass all security features

#### Ignorable Paths

[](#ignorable-paths)

You can configure paths that should be excluded from the WAF rule generation. This is useful for local development routes that shouldn't be included in production security rules:

```
'ignorable_paths' => [
    '/_dusk/*',     // Laravel Dusk testing routes
    '/admin/test',  // Specific test routes
    '/debug/*',     // Debug routes
],
```

The patterns support wildcards using Laravel's `Str::is()` syntax:

- `/_dusk/*` matches `/dusk/login`, `/dusk/test`, etc.
- `/admin/*` matches any path under `/admin/`
- Exact matches like `/debug` work too

By default, only `/_dusk/*` is ignored to prevent Dusk testing routes from being included in production rules.

#### Forced Allowed Paths

[](#forced-allowed-paths)

Paths that are not part of your Laravel routes but must be allowed by the WAF (e.g. Cloudflare-injected scripts like Zaraz) can be added so they are always included in the allowlist:

```
'forced_allowed_paths' => [
    '/cdn-cgi/zaraz/s.js',  // Cloudflare Zaraz
    '/cdn-cgi/monitor/xhr', // Optional: other edge-injected paths
],
```

Wildcards are supported (e.g. `/cdn-cgi/zaraz/*`). Paths are normalized with a leading slash if omitted.

#### Hostnames

[](#hostnames)

When using multiple hostnames or subdomains in the same zone, you can restrict the generated WAF rule so it only applies to specific hosts. If `hostnames` is empty (default), the rule applies to all hostnames.

Set hostnames in config or via `.env`:

```
// config/cfcache.php — rule applies only when Host matches one of these
'hostnames' => ['app.example.com', 'www.example.com'],
```

```
# .env — comma-separated
CFCACHE_RULE_HOSTNAMES=app.example.com,www.example.com
```

Cache Purging
-------------

[](#cache-purging-1)

This package also provides commands to purge Cloudflare's cache for specific paths or routes in your Laravel application.

### Basic Cache Purging

[](#basic-cache-purging)

Purge all cached content from Cloudflare:

```
php artisan cloudflare:purge --all
```

Add `--force` to skip the confirmation prompt when purging all cached content:

```
php artisan cloudflare:purge --all --force
```

### Purge Specific Paths

[](#purge-specific-paths)

Purge specific paths (relative paths will be prefixed with your app URL):

```
# Purge specific relative paths
php artisan cloudflare:purge / /about /contact

# Purge full URLs
php artisan cloudflare:purge https://example.com/page1 https://example.com/page2

# Mix relative and full URLs
php artisan cloudflare:purge /blog https://example.com/api/data

# Purge by route names
php artisan cloudflare:purge --route=home --route=users.index --route=auth.login

# Wildcards are supported
php artisan cloudflare:purge /blog/*
```

### Purge by Route Names

[](#purge-by-route-names)

Purge cache for specific Laravel routes by name (route parameters are converted to wildcards):

```
# Purge by route names
php artisan cloudflare:purge --route=home --route=about --route=users.show

# Combine routes and paths
php artisan cloudflare:purge /blog --route=contact --route=api.users.index
```

### Purge by Prefix or Host

[](#purge-by-prefix-or-host)

Use `--prefix` when you want to purge every cached URL under a specific prefix without purging the whole zone. This is useful for deploys where one Cloudflare zone contains multiple sites or subdomains:

```
# Purge the marketing site only
php artisan cloudflare:purge --prefix=www.example.com/

# Purge multiple URL prefixes
php artisan cloudflare:purge --prefix=www.example.com/blog/ --prefix=www.example.com/docs/
```

Use `--host` when you want to purge everything cached for a host:

```
# Purge all cached content for one host
php artisan cloudflare:purge --host=www.example.com

# Purge all cached content for multiple hosts
php artisan cloudflare:purge --host=www.example.com --host=marketing.example.com
```

`--prefix` and `--host` are exclusive purge modes. They cannot be used together, and neither option can be combined with paths, `--route`, or `--all`.

### Scheduled Cache Purges

[](#scheduled-cache-purges)

Add `--schedule` with any timestamp Carbon can parse to store a purge for later:

```
# Schedule specific paths
php artisan cloudflare:purge /about /contact --schedule="2026-06-03 10:00:00"

# Schedule route-based purges
php artisan cloudflare:purge --route=home --route=users.index --schedule="tomorrow 02:00"

# Schedule a full cache purge
php artisan cloudflare:purge --all --force --schedule="2026-06-03 10:00:00"

# Schedule a prefix purge
php artisan cloudflare:purge --prefix=www.example.com/ --schedule="2026-06-03 10:00:00"
```

Scheduled purges are stored on disk at the path configured by `cfcache.scheduled_purges.file`, which defaults to `storage/app/laravel-cfcache/scheduled-purges.json`. The stored command parameters do not include `--schedule`, so due purges are re-run as normal `cloudflare:purge` commands.

Note

This package does *NOT* automatically register a Laravel scheduled task. You must opt in by adding one to your application. This is intentional because scheduled tasks can have a financial impact on hosting providers such as [Laravel Cloud](https://cloud.laravel.com/docs/scheduled-tasks).

Add this to your `routes/console.php`:

```
use Illuminate\Support\Facades\Schedule;
use JTSmith\Cloudflare\Support\ScheduledPurgeStore;

Schedule::call(fn (ScheduledPurgeStore $store) => $store->runDue())
    ->name('cloudflare-scheduled-cache-purges')
    ->everyMinute()
    ->withoutOverlapping();
```

### Cloudflare API Configuration for Cache Purging

[](#cloudflare-api-configuration-for-cache-purging)

To use cache purging, you need to configure your Cloudflare API credentials with cache purge permissions. Add the following to your `.env` file:

```
CFCACHE_API_TOKEN=your-api-token-here
CFCACHE_ZONE_ID=your-zone-id-here
```

#### Getting Cache Purge Permissions

[](#getting-cache-purge-permissions)

For cache purging, your API token needs the following permission:

- **Zone -&gt; Cache Purge -&gt; Edit**

You can create a token with both WAF and Cache Purge permissions if you plan to use both features.

Notes
-----

[](#notes)

#### Multiple subdomains

[](#multiple-subdomains)

If you use multiple subdomains (e.g., `example.com` and `sub.example.com`) in the same zone, set the `hostnames` option in `config/cfcache.php` (see [Hostnames](#hostnames)) so the generated WAF rule only applies to the hostnames you specify. Otherwise the rule would apply to every hostname on the zone.

#### Certbot / .well-known

[](#certbot--well-known)

If you're using [Certbot](https://certbot.org/) and the `.well-known` directory to manage your SSL certificates (or for other purposes), you will need to manually add a `.well-known/*` rule to the wildcard section of your WAF rule.

#### Cache Purging Notes

[](#cache-purging-notes)

- Route parameters (like `{id}`) are converted to wildcards (`*`) for Cloudflare compatibility
- Relative paths are automatically prefixed with your `APP_URL`
- Full URLs (starting with `http://` or `https://`) are used as-is
- Unknown route names are silently skipped
- Add `--force` with `--all` to skip the confirmation prompt
- Use `--prefix` to purge every cached URL under a URL prefix
- Use `--host` to purge everything cached for a host
- `--prefix` and `--host` cannot be combined with each other, paths, routes, or `--all`
- Cache purging requires different API permissions than WAF rule management

Contributing
------------

[](#contributing)

Contributions to this project are welcome. You may open a Pull Request against the `main` branch. Please ensure you write a clear description (ideally with code samples) and all workflows are passing. PRs without tests confirming the proposed behavior will not be accepted.

###  Health Score

57

—

FairBetter than 98% of packages

Maintenance94

Actively maintained with recent releases

Popularity43

Moderate usage in the ecosystem

Community19

Small or concentrated contributor base

Maturity59

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 60.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~18 days

Total

13

Last Release

29d ago

Major Versions

v0.7.0 → v1.0.02025-12-16

PHP version history (2 changes)v0.1.0PHP ^8.2

v0.7.0PHP ^8.3

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/4316564?v=4)[JT Smith](/maintainers/nexxai)[@nexxai](https://github.com/nexxai)

---

Top Contributors

[![nexxai](https://avatars.githubusercontent.com/u/4316564?v=4)](https://github.com/nexxai "nexxai (26 commits)")[![jasonmccreary](https://avatars.githubusercontent.com/u/161071?v=4)](https://github.com/jasonmccreary "jasonmccreary (11 commits)")[![emaadali](https://avatars.githubusercontent.com/u/3521616?v=4)](https://github.com/emaadali "emaadali (2 commits)")[![sertxudev](https://avatars.githubusercontent.com/u/22801379?v=4)](https://github.com/sertxudev "sertxudev (2 commits)")[![laravel-shift](https://avatars.githubusercontent.com/u/15991828?v=4)](https://github.com/laravel-shift "laravel-shift (1 commits)")[![refringe](https://avatars.githubusercontent.com/u/127057?v=4)](https://github.com/refringe "refringe (1 commits)")

---

Tags

cachecloudflarelaravellaravelcachecloudflarecdnCfwaf

###  Code Quality

TestsPest

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/nexxai-laravel-cfcache/health.svg)

```
[![Health](https://phpackages.com/badges/nexxai-laravel-cfcache/health.svg)](https://phpackages.com/packages/nexxai-laravel-cfcache)
```

###  Alternatives

[spatie/laravel-responsecache

Speed up a Laravel application by caching the entire response

2.8k9.0M69](/packages/spatie-laravel-responsecache)[laravel/sail

Docker files for running a basic Laravel application.

1.9k205.7M1.3k](/packages/laravel-sail)[laravel/ai

The official AI SDK for Laravel.

1.0k3.2M203](/packages/laravel-ai)[laravel/mcp

Rapidly build MCP servers for your Laravel applications.

77022.3M151](/packages/laravel-mcp)[mike-bronner/laravel-model-caching

Automatic caching for Eloquent models.

2.4k91.9k1](/packages/mike-bronner-laravel-model-caching)[propaganistas/laravel-disposable-email

Disposable email validator

6023.0M7](/packages/propaganistas-laravel-disposable-email)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
