Origin Rules
Origin Rules allow you to customize where the incoming traffic will go and with which parameters. Currently you can perform the following overrides:
- Host header: Overrides the
Host
header of incoming requests. - Server Name Indication (SNI): Overrides the Server Name Indication (SNI) value of incoming requests.
- DNS record: Overrides the resolved hostname of incoming requests.
- Destination port: Overrides the resolved destination port of incoming requests.
The origin rule expression will determine when these overrides will be applied.
Availability
Free | Pro | Business | Enterprise | |
Availability | Yes | Yes | Yes | Yes |
Number of rules | 10 | 25 | 50 | 125 |
Override destination port | Yes | Yes | Yes | Yes |
Override DNS records | No | No | No | Yes |
Override Host header | No | No | No | Yes |
Override SNI | No | No | No | Yes |
Execution order
The execution order of Rules features is the following:
The different types of rules listed above will take precedence over Page Rules. This means that Page Rules will be overridden if there is a match for both Page Rules and the Rules products listed above.
Generally speaking, for non-terminating actions the last change made by rules in the same phase will win (later rules can overwrite changes done by previous rules). However, for terminating actions (Block, Redirect, or one of the challenge actions), rule evaluation will stop and the action will be executed immediately.
For example, if multiple rules with the Redirect action match, Cloudflare will always use the URL redirect of the first rule that matches. Also, if you configure URL redirects using different Cloudflare products (Single Redirects and Bulk Redirects), the product executed first will apply, if there is a rule match (in this case, Single Redirects). Refer to the Phases list for the product execution order.
Important remarks
If you override the hostname with an origin rule (via Host
header override or DNS record override) and add a header override to your load balancer configuration, the origin rule will take precedence over the load balancer configuration.
Like Page Rules, an origin rule performing a Host
header override will update the SNI value of the original request to the same value of the Host
header. To set an SNI value different from the Host
header override, add an SNI override in the same origin rule or create a separate origin rule for this purpose.
Troubleshooting
When troubleshooting origin rules, use Cloudflare Trace Beta to determine if a rule is triggering for a specific URL.