This extension comes with a few settings available from the Extension Manager.

Category Basic

  • Use Bearer Authentication : Enables RFC 6750 Bearer Authentication. With this setting enabled, Email is no longer a required field.
  • Email : The e-mail address associated with the API key.
  • API Key : This is the API key made available on your account page (
  • Domains : Once the API key and the email are successfully saved (be sure to click on “Update” button first), a list of domains (or zones in Cloudflare’s terminology) handled by the corresponding account is rendered. Just tick the corresponding check boxes to instruct TYPO3 which domains should get their cache flushed when clearing all caches in TYPO3 Backend.

Category Advanced

  • Cache content over SSL: This checkbox implements a hook of extension nc_staticfilecache and should be ticked in case you would like to cache content over SSL. This is typically useful when securing your website with Cloudflare’s flexible SSL.

  • Purge individual files by URL: This checkbox allows you to purge individual files on Cloudflare’s cache using an URL. Beware: This is still highly experimental.

  • Purge cache by Cache-Tag: This checkbox allows you to purge individual files on Cloudflare’s cache using the associated Cache-Tag. Beware: This option requires an Enterprise account.


    In addition you will need to create a page rule asking to cache everything because HTML content is not cached by default.

  • Originating IPs : This checkbox allows you to restore the originating IPs.

You should consider restoring originating IPs at the Web Server level instead. If using Nginx, please read for instructions.

The official list of Cloudflare’s reverse-proxy IPs (both IPv4 and IPv6) can be found on


If you already are operating your website behind a (local) reverse-proxy, then you MUST configure TYPO3 correctly with a configuration like:

$GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyIP'] = '';
$GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxyHeaderMultiValue'] = 'first';

where is the IP of your reverse-proxy. This is needed in order for this extension to allow the originating IP to be overridden based on the HTTP header HTTP_CF_CONNECTING_IP that is only allowed if the remote IP matches one of the official Cloudflare’s reverse-proxies.

Proxy Settings

  • API Endpoint: An alternate API endpoint/proxy for Cloudflare.

The goal of a proxy for Cloudflare is to solve the problematic of having your client’s domains all managed with a single Cloudflare account without having to share your “administrator credentials” with your clients. In fact, Cloudflare does not provide API credentials on a domain/zone basis but for the whole account which is why you are forced to use “administrator credentials” when configuring this TYPO3 extension.

This proxy setting lets you use a proxy for Cloudflare instead of the real endpoint. The proxy should provide its own authentication mechanism and then forward the request to the real Cloudflare endpoint using the administrator credentials.


A sample proxy you may deploy on your own server is part of the extension and may be downloaded from Forge as well off

The configuration takes place at the end of the file:

// Enter your Cloudflare API credentials below
$proxy = new cloudflareProxy(

// Add a few clients to our proxy
            '627aaac32cbff7210660f400a6451ccc' => 'mydomain.tld',
            '627aaac32cbff7210660f400a6451ccc' => 'somedomain.tld',
            '123aaac32cbff7150660f999a1d2addd' => 'someotherdomain.tld',

Feel free to enhance it to fit your needs!

Allowing Backend users to clear cache on Cloudflare

You can enable the “flash icon” clear cache command for common Backend users by adding following code to user’s and/or user group’s TSconfig:

options.clearCache.cloudflare = 1