How To Ensure That Cloudflare Doesn't Impact Coveo For Sitecore
If you have a Sitecore site with Coveo Search and are migrating or setting up said site to utilize Cloudflare, then this article may be of interest to you. There are some key steps you'll want to take note of to ensure that your Coveo search still runs the way you'd expect and you're receiving the appropriate results.
Cloudflare Page Rules
You'll want to add appropriate Page Rules to your Cloudflare setup to ensure that neither the search pages nor the API calls those pages make are cached. Depending on how the page is constructed, you may be able to have the page itself be cached. This really depends on how it was built.
Let's open up the Page Rules, found under Rules within the Cloudflare platform for your particular site, and then click Create Page Rule. You'll then see a page similar to the following.
If you're running Coveo for Sitecore, you'll note that the REST API exists within Sitecore itself under /coveo/rest and as such every query goes against your local instance. So let's ensure that query is not cached. If by chance you've configured your search to go directly against the Coveo Cloud Platform, you won't require this step, as that external call isn't impacted by Cloudflare.
Under URL you can enter something similar to:
www.abccompany.com/coveo/*
Under settings, select Cache Level > Bypass, as shown below.
Additional settings are optional.
For order, I recommend putting it First such that it gets triggered immediately.
Cloudflare WAF Settings
As with the Page Rules setup above, if you're going against the Coveo Cloud Platform, you can skip this step.
When the search query is set to point to the local /coveo/rest API, there are risks that someone could theoretically attempt to inject nefarious code. It's even more important if you have additional Pipelines or Processors that may return content based upon such queries.
With that in mind, I would highly recommend reviewing your logs, identifying URL patterns that show up as "dangerous" and adding those as needed to this list. Doing so will not only protect your site but also prevent unnecessary search queries, which can impact your licensing if left unchecked.
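One way to do that log review, as an added example that is not part of the original article: it reads IIS W3C-format log lines, keeps only requests under /coveo/rest, flags decoded query strings that match a few patterns, and counts queries per client IP. The log sample is constructed and the patterns are illustrative assumptions to be tuned against your own logs.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed IIS W3C log sample (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-05-01 10:00:01 GET /coveo/rest q=pricing 198.51.100.7 200
2024-05-01 10:00:02 GET /coveo/rest q=%3Cscript%3Ealert(1)%3C%2Fscript%3E 203.0.113.9 200
2024-05-01 10:00:03 GET /coveo/rest q=..%2F..%2Fweb.config 203.0.113.9 200
2024-05-01 10:00:04 GET /about-us - 198.51.100.7 200
2024-05-01 10:00:05 POST /coveo/rest q=1%27+UNION+SELECT+1-- 203.0.113.9 200
"""

# Illustrative patterns (assumptions); extend with what your own logs show.
SUSPICIOUS = {
    "script-tag": re.compile(r"<\s*script", re.I),
    "path-traversal": re.compile(r"\.\./|\.\.\\"),
    "sql-keywords": re.compile(r"\bunion\b.+\bselect\b", re.I),
}

def review(log_text, prefix="/coveo/rest"):
    """Return (hits, per_ip): flagged queries and query counts per client IP."""
    fields, hits, per_ip = [], [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names are declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().startswith(prefix):
            continue  # only the local Coveo REST endpoint is of interest
        per_ip[row["c-ip"]] += 1
        # Decode once so encoded input is matched in its readable form.
        query = unquote_plus(row.get("cs-uri-query", ""))
        for name, rx in SUSPICIOUS.items():
            if rx.search(query):
                hits.append((row["c-ip"], name, query))
    return hits, per_ip

if __name__ == "__main__":
    found, volume = review(SAMPLE_LOG)
    for ip, name, query in found:
        print(f"{ip}\t{name}\t{query}")
    print("queries per client:", dict(volume))
```

The per-client counts help spot sources generating unnecessary search queries, and the flagged patterns are candidates for the WAF rules described above.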
Coveo Assets
Lastly, if you are loading any Coveo assets such as the JavaScript files, images, etc. from your local site, I would look at either migrating these to the JavaScript Search Framework CDN Links or ensuring they're being appropriately cached by Cloudflare rules. Given they likely rarely change, you can have them cached for the maximum period.
Those are just a few tips you can work with to ensure your Coveo for Sitecore instance is running smoothly and not impacted by any Cloudflare configurations.