Rule examples: PrestaShop
This page documents the exact PrestaShop ruleset that Paradarum ships as a one-click preset: long-lived caching for static assets, a short cache for catalog pages, and full bypass for the admin, cart, and checkout flows. You can build it from the tables below or apply the whole bundle from the CMS Presets Quick Setup card.
:::tip Apply it in one click Open the Quick Setup card on the property's General settings page, choose PrestaShop, and click Apply Preset. Paradarum creates each rule below as an individual, editable cache rule. See CMS Presets for the full flow. :::
:::info Keep the cache fresh automatically These rules control what is cached. To automatically purge the cache when products, categories or CMS pages change, install the Paradarum CDN Purge module for PrestaShop. :::
Cache rules
PrestaShop serves a catalog that changes often (prices, stock) alongside per-customer pages (cart, checkout, account). The preset caches static assets for 30 days, gives catalog pages a short 5-minute cache, and bypasses the cart, order, and admin paths entirely.
The patterns use nginx-style location matching: ~* is a case-insensitive regex on the URI, ^~ is a prefix match, and the bare / is the catch-all fallback that runs last.
| Order | Path / pattern | Match | TTL (seconds) | Meaning |
|---|---|---|---|---|
| 1 | ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2)$ | Regex | 2592000 | Static assets cached 30 days |
| 2 | ^~ /admin | Starts with | 0 | Admin back office — never cached |
| 3 | ^~ /cart | Starts with | 0 | Cart — never cached |
| 4 | ^~ /order | Starts with | 0 | Checkout / order — never cached |
| 10 | / | Catch-all | 300 | Catalog & pages cached 5 minutes |
:::info TTL of 0 means bypass
A TTL of 0 seconds tells the edge never to cache that location. The cart, order, and admin paths are set to 0 so customers always see their own live state. The catch-all / rule is given order 10 so it runs last, after the bypass rules.
:::
:::warning Adjust the admin path and cookie names to your install
Real PrestaShop installations rename the admin folder to a randomized name for security (for example /admin_a1b2c3xyz instead of /admin) — and the same is true for Magento back ends. The ^~ /admin rule in this preset assumes the default path, so if you have renamed yours, edit the rule's pattern to match your actual admin folder. Likewise, confirm the cookie names below match your store's session cookies. If the admin path is wrong, your back office may be cached or its bypass rule may silently miss.
:::
Create the cache rules via the API
Each preset rule maps to a POST /api/Property/{propertyId}/rules/cache call against https://api.paradarum.com. The examples below use a property ID of 123 and an account API key sent in the X-API-Key header. A panel JWT via Authorization: Bearer <JWT> works too.
# 1. Static assets — 30 days
curl -X POST \
-H "X-API-Key: pdm_YOUR_KEY" \
-H "Content-Type: application/json" \
https://api.paradarum.com/api/Property/123/rules/cache \
-d '{
"name": "PS: Cache Static Assets (30d)",
"pattern": "\\.(jpg|jpeg|png|gif|ico|css|js|woff2)$",
"matchType": 4,
"ttlSeconds": 2592000,
"description": "Applied from PrestaShop preset",
"order": 1,
"isEnabled": true
}'
# 2. Admin back office — never cache (adjust path to your randomized admin folder!)
curl -X POST \
-H "X-API-Key: pdm_YOUR_KEY" \
-H "Content-Type: application/json" \
https://api.paradarum.com/api/Property/123/rules/cache \
-d '{
"name": "PS: Bypass admin",
"pattern": "/admin",
"matchType": 2,
"ttlSeconds": 0,
"description": "Applied from PrestaShop preset",
"order": 2,
"isEnabled": true
}'
# 3. Cart — never cache
curl -X POST \
-H "X-API-Key: pdm_YOUR_KEY" \
-H "Content-Type: application/json" \
https://api.paradarum.com/api/Property/123/rules/cache \
-d '{
"name": "PS: Bypass cart",
"pattern": "/cart",
"matchType": 2,
"ttlSeconds": 0,
"description": "Applied from PrestaShop preset",
"order": 3,
"isEnabled": true
}'
# 4. Order / checkout — never cache
curl -X POST \
-H "X-API-Key: pdm_YOUR_KEY" \
-H "Content-Type: application/json" \
https://api.paradarum.com/api/Property/123/rules/cache \
-d '{
"name": "PS: Bypass checkout",
"pattern": "/order",
"matchType": 2,
"ttlSeconds": 0,
"description": "Applied from PrestaShop preset",
"order": 4,
"isEnabled": true
}'
# 10. Catch-all catalog & pages — 5 minutes
curl -X POST \
-H "X-API-Key: pdm_YOUR_KEY" \
-H "Content-Type: application/json" \
https://api.paradarum.com/api/Property/123/rules/cache \
-d '{
"name": "PS: Cache Pages (5min)",
"pattern": "/",
"ttlSeconds": 300,
"description": "Applied from PrestaShop preset",
"order": 10,
"isEnabled": true
}'
The matchType integers are Equals=0, Contains=1, StartsWith=2, EndsWith=3, Regex=4. The catch-all / rule omits matchType because it is a bare fallback pattern. See match operators for the full mapping.
:::note Changes propagate when the edge polls Creating or editing a rule does not push to the OpenResty edge synchronously — the edge polls configuration, so changes go live within a short interval rather than instantly. :::
Bypass cookies
To keep per-customer state out of the shared cache, the PrestaShop preset bypasses caching whenever either of these cookie name prefixes is present:
| Cookie prefix | Set when |
|---|---|
PrestaShop- | A customer has an active PrestaShop session (cart, login, currency, etc.) |
PHPSESSID | A PHP session is active |
These map to a bypass_cookies array inside a rule's featuresJson. Attach them to the catch-all catalog rule so any shopper with an active session always receives a fresh page:
{
"name": "PS: Cache Pages (5min)",
"pattern": "/",
"ttlSeconds": 300,
"order": 10,
"isEnabled": true,
"featuresJson": "{\"bypass_cookies\":[\"PrestaShop-\",\"PHPSESSID\"]}"
}
:::warning Bypass cookies are not auto-applied by Quick Setup
Quick Setup creates the cache rules and applies general settings, but it does not attach the preset's bypass-cookie list automatically. After applying the PrestaShop preset, open the catch-all page rule and add PrestaShop- and PHPSESSID under Location Features → Cache Bypass Cookies (or include them in featuresJson as shown). Without this, customers risk being served another shopper's cached page.
:::
Recommended security
The PrestaShop preset recommends a strict WAF profile — block mode at high security level, all OWASP rule groups on, with rate limiting (threshold 120, ban duration 600 seconds). WAF is configured separately from the Quick Setup apply action, in the WAF section of your dashboard.
Where to go next
- CMS Presets (Quick Setup) — apply this entire bundle in one click.
- Cache rules — TTLs and Location Features (bypass cookies, cache key, minification, WebP) in depth.
- Match operators — the five URL match types and the
matchTypeintegers. - Rule examples: WordPress — the WordPress preset reference.
- Caching and query strings — query-string cache-key behavior at the property level.