Table of Contents
- Forwarding (Redirects)
- Cache Settings
- Options For All Plan Levels
- Business and Enterprise Options
- Enterprise Only Options
Page Rules give you the ability to take various actions based on the page's URL, such as creating redirects, fine tuning caching behavior, or enabling and disabling our various services.
A Page Rule will take effect on a given URL pattern, matching the following format:
An example using each component would be:
The scheme and port components are both optional. If the scheme is omitted, it will cover both http:// and https:// protocols. If the port is not specified, then the rule will match all ports. You can perform basic wildcard matches by using a ‘*’ symbol in your rule pattern, allowing it to match a series of similar patterns rather than just one.
There are two important things to note with Page Rules:
- Only one Page Rule will take effect on any given request
- Page Rules are given priority in an order from top to bottom
Once a URL matches a rule, only that rule only will be applied - ie. if a Page Rule has already triggered on a request, any subsequent rules that also match the URL pattern will not take effect. As a general rule, we recommend ordering your rules from most specific to least specific.
Page rules can be paused, in which case they will take no action but can still be seen in the list and edited. The Save as Draft option will create a page rule that is paused initially.
The specific actions a Page Rule can take are described below:
Redirects one URL to another using an HTTP 301/302 redirect. The contents of any section of a URL that a wildcard matches can later be referenced using $X syntax. X indicates the index of a glob in the pattern: $1 will be replaced with the first wildcard match, $2 with the second wildcard match, and so on.
Only wildcards can be leveraged in page rules. Full regex support is not currently available.
For example, suppose you set the following rule:
Here, a request to "www.example.com/stuff/things" will be redirected to "http://example.com/stuff/things".
Be careful not to create a redirect where the domain points to itself as a destination. This can cause an infinite redirect error, and the affected URLs will not be able to resolve.
If you want to use a $ in the forwarding URL not as a variable, you will need to escape it, by adding a \ before the $.
Sets caching behavior for any URL matching the page rule pattern, using any of our standard cache levels. The Cache everything setting will cache any content, even if it is not one of our normal static file types. The Bypass setting will prevent caching on that URL.
When specifying cache level via page rules, you can optionally set an edge cache TTL, which controls how long we will retain files in our cache. By default, this setting is to respect all existing headers, which uses standard HTTP caching headers to control cache age. You may set other cache lifetimes directly, depending on your plan.
Browser Cache TTL controls how long resources cached by client browsers remain valid. If a browser requests a resource again and the TTL has not expired, it will receive an HTTP 304 (Not Modified) response. If you send a max-age header that is longer than this TTL, that value will take precedence. Free, Pro, and Business customers can set TTLs ranging from 30 minutes to 1 year; Enterprise customers have additional options down to 30 seconds, and can choose to respect the existing max-age header.
The Following example will set a Rule to cache everything found in the "/images" folder. Cached resources will expire in 5 minutes in the user's browser, and will expire after one day in Cloudflare's datacenters:
The following options are available to all plan levels:
Controls whether we will attempt to serve content from our Always Online cache. You may wish to disable this for sections of your site that should never return cached data, such as APIs or payment/cart pages.
Will turn all Cloudflare Apps on or off.
Enables or disables Mirage.
Controls what mode Rocket Loader operates in.
Controls which of the SSL modes is used.
Controls how high a client threat score must be for a client will encounter a challenge page, and can be used to set part of your site to always present visitors with the Under Attack mode challenge before they can visit your site.
Toggles Email Obfuscation on or off.
Toggles Hotlink Protection on or off.
Toggles your Web Application Firewall rules on or off.
Browser Integrity Check:
Controls how long a user will be permitted to visit your site after they have passed a challenge page (based on your IP Firewall rules and Security Level).
Always Use HTTPS:
Convert any http:// URL to an https:// URL by creating a 301 redirect. This is commonly used if you want to force some sections of your site to HTTPS, which uses certificates to secure the connection between a client and our edge.
IP Geolocation Header:
Includes the country code of the visitor location with all requests to your website. The information will be found in the CF-IPCountry HTTP header.
Disables the following features:
If a rule is set to disable security, and another rule is set to enable the WAF, the WAF rule will take precedence regardless of the order in which they appear.
Disables the following features:
The following option can only be configured by Business and Enterprise customers:
Bypass Cache Cookie (Business and Enterprise Only):
If a cookie name matches the regular expression, then Cloudflare will bypass the "cache everything" rule and fetch resources from the origin server.
The feature allows for basic regex in the value of the cookie:
- A wildcard operator (such as ".*"), so a rule value of "t.*st" would match both a cookie called "test" and one called "teeest".
- A pipe operator (represented by "|") which allows for matching of multiple cookies (e.g. "bypass|PHPSESSID" would bypass if either a cookie called "bypass" or "PHPSESSID" were set).
These operators in any way you want, providing the following validation rules are met:
- Limit of 150 chars per cookie regex
- Limit of 12 wildcards per cookie regex
- Limit of 1 wildcard in between each | in the cookie regex
For specific advice on setting this up with a variety of platforms, please review the following articles:
- Caching Anonymous Page Views with WordPress or WooCommerce
- Caching Anonymous Page Views with Magento 1 and Magento 2
- How do I cache static HTML?
Note: If you add the Enterprise-only "Cache On Cookie" (see below) logic to the same page rule, this will always take precedence over "Bypass Cache Cookie"
The following options can only be configured by Enterprise customers:
Cache On Cookie (Enterprise Only):
If a cookie name matches the regular expression, then Cloudflare will apply "cache everything" for that URL and fetch resources from the cache.
Note: If you add "Bypass Cache Cookie" (see above) logic to the same page rule, Bypass is only applied if the "Cache on Cookie" value is not present in the request.
Validation rules for cookie regex is the same as for Bypass Cache on Cookie (see above).
Host Header Override (Enterprise Only):
Any request matching the URI will have the Host Header overridden to the one you have put in the "Host Header Override" field.
Resolve Override (Enterprise Only):
Changes the origin address for the request to the URL. Users will see the domain name in the browser address bar, but content will be served from the URL in the resolve field.
Custom Cache Key (Enterprise Only):
Control specifically what variables are included when deciding what resources to cache – ie. It allows the user to determine what will cache based on something other than just the URL. Note that the user will not be able to control this directly. Custom cache keys will need to be requested from Cloudflare’s support team.
Query String Sort (Enterprise Only):
Reorders any query strings so that they are all in the same format, which allows for faster cache hit rates.
Origin Error Page Pass Through (Enterprise Only):
Disables Cloudflare error pages that would trigger for issues sent from the origin server, and instead shows the error pages set at the origin.
True Client IP Header (Enterprise Only):
By default, Cloudflare sends back packets with a Cloudflare IP address. If True-Client-IP is enabled, Cloudflare will add a True-Client-IP header in the request sent to the origin with the IP address of the end user.
Max Upload Size (Enterprise Only):
Cloudflare limits the maximum amount of data a visitor can upload per request. The limit is determined by the plan level:
- Free: 100MB
- Pro: 100MB
- Business: 200MB
- Enterprise: 500MB (default)
Response Buffering (Enterprise Only):
Cloudflare will wait until it has the entire file before forwarding it to the end user. By default, Cloudflare sends packets to the client as we receive them.