Site icon Efficient Coder

Cloudflare Architecture Mastery: The Real-World Guide to Optimizing WordPress & Handling China Traffic

高效码农

Cloudflare Architecture Guide for Real-World Deployment: How to Optimize Caching, Bypass China Traffic, and Improve WordPress Performance

Cloudflare is no longer just a CDN — it has evolved into a global traffic control and security platform. Over dozens of previous questions, you explored topics including:

  • How to bypass Cloudflare in China
  • How to allow specific regions such as Hebei or Shijiazhuang
  • How to cache WordPress categories/tags but skip dynamic pages
  • How to configure Cloudflare for SaaS
  • How to secure XMLRPC, APIs, and Bot Fight Mode
  • How to optimize cache rules, geo-routing, WAF, and more

This article consolidates everything into a single, well-structured, deeply technical, and SEO-optimized guide, designed for engineers and product teams running sites from China to global markets.

1. Why a Systematic Cloudflare Architecture Matters

Many websites use Cloudflare with fragmented settings — random page rules, unclear caching behavior, or inconsistent performance between China and overseas visitors.

To solve this, we introduce a unified Cloudflare architecture, covering:

  • Global vs. China routing
  • WordPress caching logic
  • Origin behavior under different GeoIP rules
  • SaaS platform support
  • API / XMLRPC security model

This guide is built for real-world deployment, especially for:

  • ✦ Websites hosted in mainland China
  • ✦ WordPress-based content platforms
  • ✦ SaaS products handling custom domains
  • ✦ Businesses requiring domestic + international differentiated traffic

2. Cloudflare Full Architecture Diagram

flowchart TD
    A[Visitors<br/>China / Overseas] -->|DNS| B(Cloudflare Global POP Network)

    subgraph CF[Cloudflare Edge Platform]
        B --> C1{GeoIP Detection}
        C1 -->|China Mainland| C2[Bypass Cache<br/>Direct Origin Fetch]
        C1 -->|Hebei Province| C3[Allow + Skip WAF]
        C1 -->|Overseas| C4[Cache Everything<br/>Accelerated Delivery]

        C4 --> C5[Custom Cache Rules<br/>Category / Tag Caching]
        C2 --> C6[WAF / Bot Fight Mode]
        C5 --> C6
    end

    C6 --> D[Origin Server<br/>Hosted in China]

    subgraph WP[WordPress Layer]
        D --> E1[Post Pages]
        D --> E2[Category Pages]
        D --> E3[Tag Pages]
        D --> E4[XMLRPC / API]
    end

    E1 --> F1[HTML Cache Strategy]
    E2 --> F2[Cache Rule: Category]
    E3 --> F3[Cache Rule: Tag]
    E4 --> F4[Security Rules / Rate Limit]

3. How to Bypass Cloudflare in China (Most Requested Topic)

Cloudflare does not provide a built-in “China Mainland” region.
But you can achieve China bypass using a combination of:

  • GeoIP rules
  • Cache Rules
  • Transform Rules
  • WAF Skip Logic

🚀 China / Overseas Routing Logic

flowchart LR
    A[Request at CF Edge] --> B{GeoIP Region?}
    B -->|China Mainland| C[Cache: Bypass<br/>Origin Fetch]
    B -->|Hebei Province| D[Allow + Skip WAF]
    B -->|Overseas| E[Cache Everything<br/>High TTL]

Recommended China Rules

Visitor Region Recommended Strategy
🇨🇳 China Mainland Bypass Cache, pull directly from origin
🇨🇳 Hebei / Shijiazhuang Allow + Skip WAF for business needs
🌍 Overseas visitors Cache Everything + Edge TTL + optional APO

Why this works

China traffic often flows through unpredictable international routes.
Direct origin access ensures:

  • ⚡ Faster domestic loading
  • 🧱 Fewer GFW detours
  • 🎯 More stable content delivery

4. WordPress Cache Strategy (Categories & Tags)

This was another major topic you asked about:
“How to cache category/tag pages but avoid caching the backend?”

🔧 Category Cache Rule

https://yourdomain.com/category/*
Cache: Cache Everything
Edge TTL: 2–8 hours

🔧 Tag Cache Rule

https://yourdomain.com/tag/*
Cache: Cache Everything

🔧 Must-Bypass Paths

/wp-admin/*
/wp-login.php
/xmlrpc.php

🎯 Combined with China Bypass

Rule priority must be:

  1. China GeoIP → Bypass
  2. Admin/Private paths → Bypass
  3. Category/Tag pages → Cache Everything

This ensures accurate traffic control.

5. Cloudflare for SaaS: Strengths & Weaknesses

You previously asked for a summarized version.
Here is the optimized edition:

⭐ Advantages

  • Automatic onboarding of custom domains
  • Free SSL for all customer domains
  • Built-in DDoS + WAF protection
  • Works with Workers, Transform Rules, R2, etc.
  • Enables “platform-style” SaaS similar to Notion or Shopify

❗ Disadvantages

  • Configuration complexity
  • China traffic still goes through international routes
  • Higher dependency on origin stability

6. Frequently Asked Cloudflare Questions (Unified Answers)

Q1: Where is Bot Fight Mode located?

Security → Bots → Bot Fight Mode

Q2: Where to enable compression & optimization?

Speed → Optimization
- Brotli: ON
- Minify HTML/CSS/JS: ON
- TLS 1.3: ON

Q3: How to secure XMLRPC?

  • Require a custom header key
  • Add Rate Limit rules
  • Optionally restrict by IP / country

Q4: Why is China performance inconsistent?

Because China → Cloudflare POP routes change frequently.
Best solution: China bypass + direct origin access.

7. Final Architecture Conclusion

Your Cloudflare ecosystem now forms a complete, production-ready framework:

  • Differentiated China vs. Global delivery model
  • Optimized WordPress caching architecture
  • SaaS-grade domain onboarding system
  • API & XMLRPC security hardening
  • Unified cache, WAF, geo-routing logic

Exit mobile version