How To Ensure That Cloudflare Doesn't Impact Coveo For Sitecore
If you have a Sitecore site with Coveo Search and are migrating or setting up said site to utilize Cloudflare, then this article may be of interest to you. There are some key steps you'll want to take note of to ensure that your Coveo search still runs the way you'd expect and your receiving the appropriate results.
Cloudflare Page Rules
You'll want to add appropriate Page Rules to your Cloudflare setup to ensure that both the search pages they're on as well as the API calls that they make are not cached. Depending on how the page is constructed, you may be able to have the page itself be cached. This really depends upon the avenue of how it was built.
Let's open up the Page Rules, found under Rules within the Cloudflare platform for your particular site. And then click Create Page Rule. You'll then see a page similar to the following.
If you're running Coveo for Sitecore, you'll note that the rest API exists within Sitecore itself under /coveo/rest and as such every query goes against your local instance. So let's ensure that query is not cached. If by chance you've configured your search to go directly against the Coveo Cloud Platform, you won't require this step as it won't be impacted by Cloudflare with that external call.
Under URL you can enter something similar to:
www.abccompany.com/coveo/*Under settings, select Cache Level > Bypass, as shown below.
Additional settings are optional.
For order, I recommend putting it First such that it gets triggered immediately.
Cloudflare WAF Settings
Similar to the above setup under Page Rules if you're going against the Coveo Cloud Platform, you can skip this step.
When the search query is set to point to the local /coveo/rest API there are risks that someone could theoretically attempt to inject nefarious code. It's even more important if you have additional Pipelines or Processors that may return content based upon such queries.
With that in mind, I would highly recommend reviewing your logs and identifying URL patterns that show up as "dangerous" and add those as needed to this list. Doing so will not only protect your site but also prevent unnecessary search queries which can impact your licensing if gone unchecked.
Coveo Assets
Lastly, if you are loading any Coveo assets such as the JavaScript files, images, etc. from your local site, I would look to migrating these to either use the JavaScript Search Framework CDN Links or ensure they're being appropriately cached by Cloudflare rules. Given they likely rarely change, you can have them cached for the maximum period.
Those are just a few tips you can work with to ensure your Coveo for Sitecore instance is running smoothly and not impacted by any Cloudflare configurations.
👋 Hey Sitecore Enthusiasts!
Sign up to our bi-weekly newsletter for a bite-sized curation of valuable insight from the Sitecore community.
What’s in it for you?
- Stay up-to-date with the latest Sitecore news
- New to Sitecore? Learn tips and tricks to help you navigate this powerful tool
- Sitecore pro? Expand your skill set and discover troubleshooting tips
- Browse open careers and opportunities
- Get a chance to be featured in upcoming editions
- Learn our secret handshake
- And more!
Meet David Austin
Development Team Lead | Sitecore Technology MVP x 3
📷🕹️👪
David is a decorated Development Team Lead with Sitecore Technology MVP and Coveo MVP awards, as well as Sitecore CDP & Personalize Certified. He's worked in IT for 25 years; everything ranging from Developer to Business Analyst to Group Lead helping manage everything from Intranet and Internet sites to facility management and application support. David is a dedicated family man who loves to spend time with his girls. He's also an avid photographer and loves to explore new places.