Page Rules Tutorial

Table of Contents

  1. Overview
  2. Forwarding (URL Redirection)
  3. Custom Caching
  4. Options For All Plan Levels
  5. Options for Business & Enterprise
  6. Options for Enterprise Plan

Check out our Page Rules video tutorials here:



Page Rules give you the ability to take various actions based on the page's URL, such as creating redirects, fine tuning caching behavior, or enabling and disabling our various services.

A Page Rule will take effect on a given URL pattern, matching the following format:


An example using each component would be:

The scheme and port components are both optional. If the scheme is omitted, it will cover both http:// and https:// protocols. If the port is not specified, then the rule will match all ports. You can perform basic wildcard matches by using a ‘*’ symbol in your rule pattern, allowing it to match a series of similar patterns rather than just one.

There are two important things to note with Page Rules:

  1. Only one Page Rule will take effect on any given request
  2. Page Rules are given priority in an order from top to bottom

Once a URL matches a rule, only that rule only will be applied - ie. if a Page Rule has already triggered on a request, any subsequent rules that also match the URL pattern will not take effect. As a general rule, we recommend ordering your rules from most specific to least specific.

Page rules can be paused, in which case they will take no action but can still be seen in the list and edited. The Save as Draft option will create a page rule that is paused initially.


Forwarding (URL Redirection)

Redirects one URL to another using an HTTP 301/302 redirect. The contents of any section of a URL that a wildcard matches can later be referenced using $X syntax. X indicates the index of a glob in the pattern: $1 will be replaced with the first wildcard match, $2 with the second wildcard match, and so on.

For example, suppose you set the following rule:

Here, a request to "" will be redirected to "".

Be careful not to create a redirect where the domain points to itself as a destination. This can cause an infinite redirect error, and the affected URLs will not be able to resolve.

Redirecting to HTTPS

If you want to redirect your visitors to use HTTPS, just use the Always Use HTTPS setting instead:



Custom Caching

Sets caching behavior for any URL matching the page rule pattern, using any of our standard cache levels. The Cache everything setting will cache any content, even if it is not one of our normal static file types. The Bypass setting will prevent caching on that URL.

When specifying cache level via page rules, you can optionally set an edge cache TTL, which controls how long we will retain files in our cache. By default, this setting is to respect all existing headers, which uses standard HTTP caching headers to control cache age. You may set other cache lifetimes directly, depending on your plan.

Browser Cache TTL controls how long resources cached by client browsers remain valid. If a browser requests a resource again and the TTL has not expired, it will receive an HTTP 304 (Not Modified) response. If you send a max-age header that is longer than this TTL, that value will take precedence. Free, Pro, and Business customers can set TTLs ranging from 30 minutes to 1 year; Enterprise customers have additional options down to 30 seconds, and can choose to respect the existing max-age header.

Not all default caching behaviors are strictly RFC-compliant. Setting Origin Cache Control via page rules uses a newer set of caching rules that seeks to adhere more closely to RFCs, primarily with respect to revalidation--for example, our default behavior with max-age=0 is to not cache at all, whereas setting Origin Cache Control caches but always revalidates.

The Following example will set a Rule to cache everything found in the "/images" folder. Cached resources will expire in 5 minutes in the user's browser, and will expire after one day in Cloudflare's datacenters:


Options for All Plan Levels

Always Online:

Controls whether we will attempt to serve content from our Always Online cache. You may wish to disable this for sections of your site that should never return cached data, such as APIs or payment/cart pages.

Disable Apps:

Will turn off all Cloudflare Apps.


Enables or disables Mirage.

Rocket Loader:

Controls what mode Rocket Loader operates in.


Controls which of the SSL modes is used. 

Server Side Excludes:

Enables or disables server side excludes.

Security Level:

Controls how high a client threat score must be for a client will encounter a challenge page, and can be used to set part of your site to always present visitors with the Under Attack mode challenge before they can visit your site.

Email Obfuscation:

Toggles Email Obfuscation on or off.


Toggles your Web Application Firewall rules on or off. 

Browser Integrity Check:

Controls whether we will inspect a user's browser for headers commonly associated with certain bots.

Challenge TTL:

Controls how long a user will be permitted to visit your site after they have passed a challenge page (based on your IP Firewall rules and Security Level).

Always Use HTTPS:

Convert any http:// URL to an https:// URL by creating a 301 redirect. This is commonly used if you want to force some sections of your site to HTTPS, which uses certificates to secure the connection between a client and our edge. Note: If you do not see this option available it is because you do not have an active Edge Certificate yet.

IP Geolocation Header:

Includes the country code of the visitor location with all requests to your website. The information will be found in the CF-IPCountry HTTP header.

Disable Security:

Disables the following features:

If a rule is set to disable security, and another rule is set to enable the WAF, the WAF rule will take precedence regardless of the order in which they appear. Additionally Disable Security has no effect on checks for IP reputation. To disable those, you should also set the Security Level setting to Essentially Off in your rule.

Disable Performance:

Disables the following features:


Options for Business and Enterprise Plan Levels

Bypass Cache Cookie (Business & Enterprise Only):

If a cookie name matches the regular expression, then Cloudflare will bypass the "Cache Everything" rule and fetch resources from the origin server.


Options for Enterprise Plan Level

Cache On Cookie (Enterprise Only):

If a cookie name matches the regular expression, then Cloudflare will apply "cache everything" for that URL and fetch resources from the cache.

Host Header Override (Enterprise Only):

Any request matching the URI will have the Host Header overridden to the one you have put in the "Host Header Override" field.

Resolve Override (Enterprise Only):

Changes the origin address for the request to the URL. Users will see the domain name in the browser address bar, but content will be served from the URL in the resolve field.

Custom Cache Key (Enterprise Only):

Control specifically what variables are included when deciding what resources to cache – ie. It allows the user to determine what will cache based on something other than just the URL. Note that the user will not be able to control this directly. Custom cache keys will need to be requested from Cloudflare’s support team.

Query String Sort (Enterprise Only):

Reorders any query strings so that they are all in the same format, which allows for faster cache hit rates.

Origin Error Page Pass Through (Enterprise Only):

Disables Cloudflare error pages that would trigger for issues sent from the origin server, and instead shows the error pages set at the origin.

True Client IP Header (Enterprise Only):

By default, Cloudflare sends back packets with a Cloudflare IP address. If True-Client-IP is enabled, Cloudflare will add a True-Client-IP header in the request sent to the origin with the IP address of the end user.

Max Upload Size (Enterprise Only):

Cloudflare limits the maximum amount of data a visitor can upload per request. The limit is determined by the plan level:

  • Free: 100MB
  • Pro: 100MB
  • Business: 200MB
  • Enterprise: 500MB (default)


Response Buffering (Enterprise Only):

Cloudflare will wait until it has the entire file before forwarding it to the end user. By default, Cloudflare sends packets to the client as we receive them.

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk