Skip to content
Cloudflare Docs

Supported fields and operators

The fields that are supported by load balancing rules depend on whether Cloudflare proxies the traffic going through your load balancer or not.

If you use the wrong set of fields, you might see unexpected behaviors. For best results, use the fields associated with your traffic’s proxy status.

Also, some Load Balancing rules fields are available on the Expression Builder - as described in Load Balancing expressions - while others can only be configured manually, via API or Expression Editor

Expression Builder field sets

Consider the following table to know how the fields available in the Expression Builder are grouped.

Field SetSection in Expression BuilderDescription
Fields supported regardless of proxyBOTHValues that are always accessible regardless of the load balancer proxy status.
Proxied-only fieldsPROXIED ONLYValues accessible only when the load balancer is proxied.
Unproxied-only fieldsNON-PROXIED ONLYValues accessible only when the load balancer is not proxied (DNS-only traffic).
Choose load balancer fields based on the proxy status header

Fields supported regardless of proxy

Regardless of your traffic proxy status, Load Balancing rules can access values for the following fields:

FieldName in Expression BuilderDescription
cf.load_balancer.name
Bytes		Load Balancer Name

Represents the name of the load balancer executing these rules.

Example value:
lb.example.com

cf.load_balancer.region
Bytes		Load Balancer Region

Provides the region name of the data center processing the request.

Example value:
ENAM

ip.src
IP address		IP Source Address

If proxied, this field provides the client TCP IP address, which may be adjusted to reflect the actual address of the client by using HTTP headers such as X-Forwarded-For or X-Real-IP.

If unproxied (DNS-only), this field provides the ECS source address, if available. If not available, it provides the client resolver IP address.

Deprecation Warning: In the future, this field will always be set to the client resolver IP address for unproxied requests. To check for the presence of ECS and use the ECS IP, see the fields dns.rr.opt.client and dns.rr.opt.client.addr, respectively.

Example value:
1.2.3.4

Proxied-only fields

If your traffic is proxied through Cloudflare, you have access to all the fields listed under Fields supported regardless of proxy in addition to the following fields:

Many of these fields are referenced from the Rules language documentation.

FieldName in Expression BuilderDescription
http.host
String		(Manual entry only)

Represents the hostname used in the full request URI.

Example value:
www.example.org

http.referer
String		(Manual entry only)

Represents the HTTP Referer request header, which contains the address of the web page that linked to the currently requested page.

Example value:
Referer: htt­ps://developer.example.org/en-US/docs/Web/JavaScript

http.request.headers
Map<Array<String>>		Header

Represents HTTP request headers as a Map (or associative array).

The keys of the associative array are the names of HTTP request headers converted to lowercase.

When there are repeating headers, the array includes them in the order they appear in the request.

Decoding: no decoding performed
Whitespace: preserved
Non-ASCII: preserved

Example:
any(http.request.headers[“content-type”][*] == “application/json”)

Example value:
{"content-type": ["application/json"]}

http.request.method
String		Request Method

Represents the HTTP method, returned as a string of uppercase characters.

Example value:
GET

http.request.timestamp.sec
Integer		Timestamp

Represents the timestamp when Cloudflare received the request, expressed as Unix time in seconds. This value is 10 digits long.

Example value:
1484063137

http.request.uri
String		URI

Represents the URI path and query string of the request.

Example value:
/articles/index?section=539061&expand=comments

http.request.uri.args
Map<Array<String>>		(Manual entry only)

Represents the HTTP URI arguments associated with a request as a Map (associative array).

When an argument repeats, then the array contains multiple items in the order they appear in the request.

The values are not pre-processed and retain the original case used in the request.

Decoding: no decoding performed
Non-ASCII: preserved

Example:
any(http.request.uri.args[“search”][*] == “red+apples”)

Example value:
{"search": ["red+apples"]}

http.request.uri.args.names
Array<String>		(Manual entry only)

Represents the names of the arguments in the HTTP URI query string. The names are not pre-processed and retain the original case used in the request.

When a name repeats, the array contains multiple items in the order that they appear in the request.

Decoding: no decoding performed
Non-ASCII: preserved

Example:
any(http.request.uri.args.names[*] == “search”)

Example value:
[“search”]

http.request.uri.args.values
Array<String>		(Manual entry only)

Represents the values of arguments in the HTTP URI query string. The values are not pre-processed and retain the original case used in the request. They are in the same order as in the request.

Duplicated values are listed multiple times.

Decoding: no decoding performed
Non-ASCII: preserved

Example:
any(http.request.uri.args.values[*] == “red+apples”)

Example value:
[“red+apples”]

http.request.uri.path
String		URI Path

Represents the URI path of the request.

Example value:
/articles/index

http.request.uri.query
String		URI Query

Represents the entire query string, without the ? delimiter.

Example value:
section=539061&expand=comments

http.request.version
String		HTTP Version

Represents the version of the HTTP protocol used. Use this field when you require different checks for different versions.

Example Values:

  • HTTP/1.1
  • HTTP/3

Unproxied-only fields

If your traffic is not proxied through Cloudflare, you have access to all the fields listed under Fields supported regardless of proxy in addition to the following fields:

FieldName in Expression BuilderDescription
dns.qry.name
Bytes		Query Name

Represents the query name asked.

Example value:
example.com.

dns.qry.name.len
Integer		Query Name Length

Represents the length in bytes of the query name.

Example value:
123

dns.qry.qu
Boolean		Question

When true, this field indicates that the received DNS message was a question.

dns.qry.type
Integer		Query Type

Represents the numeric value of the DNS query type.

Example Values:

  • 1 (A record)
  • 28 (AAAA record)
dns.rr.opt.client
Boolean		(Manual entry only)

When true, this field indicates that the EDNS Client Subnet (ECS) address was sent with the DNS request.

dns.rr.opt.client.addr
String		(Manual entry only)

If present, this field represents the ECS address sent with the DNS request.

Example value:
1.2.3.0

Operators and grouping symbols

  • Comparison operators specify how values defined in an expression must relate to the actual HTTP request value for the expression to return true.

  • Logical operators combine two expressions to form a compound expression and use order of precedence to determine how an expression is evaluated.

  • Grouping symbols allow you to organize expressions, enforce operator precedence, and nest expressions.

For examples and usage, refer to Operators and grouping symbols in the Rules language documentation.

Cloudflare DashboardDiscordCommunityLearning CenterSupport Portal
Cookie Settings