Origin Rules
Origin Rules allow you to customize where the incoming traffic will go and with which parameters. Currently you can perform the following overrides:
- Host header: Overrides the
Host
header of incoming requests. - Server Name Indication (SNI): Overrides the Server Name Indication (SNI) value of incoming requests.
- DNS record: Overrides the resolved hostname of incoming requests.
- Destination port: Overrides the resolved destination port of incoming requests.
The origin rule expression will determine when these overrides will be applied.
For more complex and customized modifications, consider using Snippets.
Cloudflare provides you with rules templates for common use cases. In the dashboard, go to your zone > Rules > Templates and select one of the available templates. You can also refer to the Examples gallery in the developer docs.
Free | Pro | Business | Enterprise | |
---|---|---|---|---|
Availability | Yes | Yes | Yes | Yes |
Number of rules | 10 | 25 | 50 | 125 |
Override Host header | No | No | No | Yes |
Override SNI | No | No | No | Yes |
Override DNS records | No | No | No | Yes |
Override destination port | Yes | Yes | Yes | Yes |
The execution order of Rules features is the following:
The different types of rules listed above will take precedence over Page Rules. This means that Page Rules will be overridden if there is a match for both Page Rules and the Rules products listed above.
Generally speaking, for non-terminating actions the last change made by rules in the same phase will win (later rules can overwrite changes done by previous rules). However, for terminating actions (Block, Redirect, or one of the challenge actions), rule evaluation will stop and the action will be executed immediately.
For example, if multiple rules with the Redirect action match, Cloudflare will always use the URL redirect of the first rule that matches. Also, if you configure URL redirects using different Cloudflare products (Single Redirects and Bulk Redirects), the product executed first will apply, if there is a rule match (in this case, Single Redirects). Refer to the Phases list for the product execution order.
If you override the hostname with an origin rule (via Host
header override or DNS record override) and add a header override to your load balancer configuration, the origin rule will take precedence over the load balancer configuration.
Like Page Rules, an origin rule performing a Host
header override will update the SNI value of the original request to the same value of the Host
header. To set an SNI value different from the Host
header override, add an SNI override in the same origin rule or create a separate origin rule for this purpose.
When troubleshooting origin rules, use Cloudflare Trace to determine if a rule is triggering for a specific URL.