Cloudflare Version Management
Cloudflare Version Management allows you to safely test, deploy, and roll back changes to your zone configuration settings.
By using Version Management, you can:
- Create independent versions to make changes with no risk of impacting live traffic.
- Safely deploy changes to staging environments ahead of deploy to production.
- Quickly roll back deployed changes when issues occur.
For access, enable Zone Versioning in the Cloudflare dashboard.
Version Management does not currently support or have limited support for the following products or features:
- Some API Shield settings are not cloned when a new zone version is created.
- Customers are allowed to opt-in to remove the UI block that prevents enabling Version Management.
- Cache settings are versioned, but cache keys are not.
- Caching a new URL on staging would cache it for production as well.
- Purging cache on staging would purge it on production too.
- Promoting a new version to production would wipe all exiting cache.
Cache Rules when used with Cloudflare Images
- Image Resizing does not work with the
additional_cacheable_ports Cache Rule setting and Zone Versioning.
- If you use
additional_cacheable_ports with Image Resizing, the image will be resized every time it is requested and will result in low performance.
Workers Cache API
- Workers Cache API does not work with Version Management.
- If you use the Workers Cache API with Zone Versioning, you might encounter unexpected caching behaviours.
- Regardless of the version deployed to production, traffic in China will always target the root zone.
- Other incompatibility issues with Access and ICP licenses.
- Zone Version Management does not currently expose a public API.
- Customers can only use Version Management through the Cloudflare dashboard.
- Domain-scoped Roles apply only to your root zone.
- Once a new version is created, these roles do not copy over and they lose access to versions.
Network Error Logging
- Security Insights are not shown when Zone Versioning is enabled and the first version is deployed to production.
- Zone Version Management does not currently support Terraform.
- Customers should either use Terraform or Version Management.
WAF Attack Score
- Waiting Room users active on the site may be placed back in the queue.
- Waiting Room users in the queue may lose their place in line.
- Traffic may exceed limits.
- If a version has a Worker route, it might disappear when a Worker is deployed via Wrangler.
- If two versions have the same custom domains, the Worker might randomly choose between them.
To use Version Management, the following must all be true:
- Your zone is on an Enterprise plan.
- Your zone is in an active state.
- Your zone uses WAF managed rules.
- Your zone has migrated to use Custom Rules instead of Firewall Rules (deprecated).
- Your account uses the new WAF (if not, contact your account team).
- Your user account must have an API Key provisioned (if not, view your API Key).
- Your user account must have API Access enabled. Refer to control API Access for more information.
- You must use the dashboard to manage versioning.