Cloudflare and I would assume other caching services by default do not cache files with certain extensions like .php There are options to create custom cache rules  for whatever you want regardless of the source. 

The cache header for files served through file.php is set to private as it should be as a default otherwise you run the risk of caching files in PM's or private forums. Since there is no way for the caching service to determine what to cache there is no way to allow caching of attachments unless you want to expose non public files to the public.

A check should be performed to see if the file is publicly accessible and if so set the header to public allowing caching of attachments that are not in private forums or PM's. This is not Cloudflare specific but would apply to any caching service that is going to respect the header.