Understanding and configuring Cloudflare Page Rules (Page Rules Tutorial)
Overview
You can define a page rule to trigger one or more actions whenever a certain URL pattern is matched. Page Rules are available in the Rules app, in the Page Rules tab.
The default number of allowed page rules depends on the domain plan as shown below.
| Free | Pro | Business | Enterprise | |
Availability | Yes | Yes | Yes | Yes |
Number of rules | 3 | 20 | 50 | 125 |
You can purchase additional rules (up to a maximum of 100) for domains in the Free, Lite, Pro, Pro Plus, and Business plans.
Before getting started
It is important to understand two basic Page Rules behaviors:
- Only the highest priority matching page rule takes effect on a request.
- Page rules are prioritized in descending order in the Cloudflare dashboard, with the highest priority rule at the top.
A page rule matches a URL pattern based on the following format (comprised of five segments): An example URL with these four segments looks like: The scheme and port segments are optional. If omitted, scheme matches both http:// and https:// protocols. If no port is specified, the rule will match all ports. Finally, you can disable a page rule at any time. While a rule is disabled, actions won’t trigger, but the rule still appears in the Rules app in the Page Rules tab, is editable, and counts against the number of rules allowed for your domain. The Save as Draft option creates a page rule that is disabled by default. The steps to create a page rule are: To modify an existing rule: You can use the asterisk (*) in any URL segment to match certain patterns. For example, Would match: example.com/foo/* does not match example.com/foo. However, example.com/foo* does. You can reference a matched wildcard later using the $X syntax. X indicates the index of a glob pattern. As such, $1 represents the first wildcard match, $2 the second wildcard match, and so on. This is specifically useful with the Forwarding URL setting. For example: You could forward: to: This rule would match: which ends up being forwarded to: To use a literal $ character in the forwarding URL, escape it by adding a backslash (\) in front: \$. Settings control the action Cloudflare takes once a request matches the URL pattern defined in a page rule. You can use settings to enable and disable multiple Cloudflare features across several of the dashboard apps. Note that: Below is the full list of settings available, presented in the order that they appear in the Cloudflare Page Rules UI. Page Rule configuration issue leading to “Error 500 (Internal server error)” Root cause: This may be due to a configuration issue on a Page Rule. When creating a Page Rule that uses two wildcards, like a Forwarding URL rule, it is possible to create a rule that mentions the second wildcard with the $2 placeholder. Refer to the example below: When updating the same rule, you can remove one of the wildcard in the If the URL matches field and save it. Refer to the example below: If you do so, the $2 placeholder reference a wildcard that does not exist anymore, and as such, an “Error 500 (Internal server error)” is thrown when a URL triggers the page rule. Resolution: Update the Page Rule and remove the reference $2 to the second wildcard. If there is only one wildcard, then only $1 can be used. This setting is available to business and enterprise customers. The Bypass Cache on Cookie setting supports basic regular expressions (regex) as follows: Limitations include: To learn how to configure Bypass Cache on Cookie with a variety of platforms, review these articles: Note: If you add both this setting and the enterprise-only Cache On Cookie setting to the same page rule, Cache On Cookie takes precedence over Bypass Cache on Cookie. When saving a Page Rule, Cloudflare will ensure that there is a slash after each occurrence of the current zone name in the If the URL matches field. For example, if the current zone name is Note that If you specify a port in the If the URL matches field of a Page Rule, it must be one of the following: If the URL of the current request matches both a Page Rule and a Workers custom route, some Pages Rules settings will not be applied. For details on using Page Rules with Workers, refer to Workers: Page Rules in the developers documentation.
Create a page rule
Edit a page rule
Understand wildcard matching and referencing
Helpful tips
Referencing wildcard matches
Summary of Page Rules Settings
Setting Description Plans Always Use HTTPS Turn on or off the Always Use HTTPS feature of the Edge Certificates tab in the Cloudflare SSL/TLS app. If enabled, any http:// URL is converted to https:// through a 301 redirect.
If this option does not appear, you do not have an active Edge Certificate.All Auto Minify Indicate which file extensions to minify automatically.
Learn more. All Automatic HTTPS Rewrites Turn on or off the Cloudflare Automatic HTTPS Rewrites feature of the Edge Certificates tab in Cloudflare SSL/TLS app. Learn more. All Browser Cache TTL Control how long resources cached by client browsers remain valid. The Cloudflare UI and API both prohibit setting Browser Cache TTL to 0 for non-Enterprise domains. Learn more. All Browser Integrity Check Inspect the visitor’s browser for headers commonly associated with spammers and certain bots.
Learn more. All Bypass Cache on Cookie Bypass Cache and fetch resources from the origin server if a regular expression matches against a cookie name present in the request.
If you add both this setting and the Cache On Cookie setting to the same page rule, Cache On Cookie takes precedence over Bypass Cache on Cookie.
Refer to the Additional details below to learn about limited regular expression support.Business and Enterprise Cache By Device Type Separate cached content based on the visitor’s device type. Learn more. Enterprise Cache Deception Armor Protect from web cache deception attacks while still allowing static assets to be cached. This setting verifies that the URL’s extension matches the returned Content-Type. Learn more. All Cache Key Also referred to as Custom Cache Key.
Control specifically what variables to include when deciding which resources to cache. This allows customers to determine what to cache based on something other than just the URL. Learn more.Enterprise Cache Level Apply custom caching based on the option selected:
Bypass - Cloudflare does not cache.
No Query String - Delivers resources from cache when there is no query string.
Ignore Query String - Delivers the same resource to everyone independent of the query string.
Standard - Caches all static content that has a query string.
Cache Everything - Treats all content as static and caches all file types beyond the Cloudflare default cached content. Respects cache headers from the origin web server unless Edge Cache TTL is also set in the Page Rule. When combined with an Edge Cache TTL > 0, Cache Everything removes cookies from the origin web server response. All Cache on Cookie Apply the Cache Everything option (Cache Level setting) based on a regular expression match against a cookie name.
If you add both this setting and Bypass Cache on Cookie to the same page rule, Cache On Cookie takes precedence over Bypass Cache on Cookie.Business and above Cache TTL by Status Code Enterprise customers can set cache time-to-live (TTL) based on the response status from the origin web server. Cache TTL refers to the duration of a resource in the Cloudflare network before being marked as stale or discarded from cache. Status codes are returned by a resource’s origin. Setting cache TTL based on response status overrides the default cache behavior (standard caching) for static files and overrides cache instructions sent by the origin web server. To cache non-static assets, set a Cache Level of Cache Everything using a Page Rule . Setting no-store Cache-Control or a low TTL (using max-age/s-maxage) increases requests to origin web servers and decreases performance.
Learn more. Enterprise Disable Apps Turn off all active Cloudflare Apps. All Disable Performance Turn off Auto Minify, Rocket Loader, Mirage, and Polish All Disable Railgun Turn off the Railgun feature of the Cloudflare Speed app Business and above Disable Security Turn off Email Obfuscation, Rate Limiting (previous version), Scrape Shield, Server Side Excludes, URL (Zone) Lockdown, and WAF managed rules (previous version) All Edge Cache TTL Specify how long to cache a resource in the Cloudflare global network. Edge Cache TTL isn’t visible in response headers. All Email Obfuscation Turn on or off the Cloudflare Email Obfuscation feature of the Cloudflare Scrape Shield app.
Learn more. All Forwarding URL Redirects one URL to another using an HTTP 301/302 redirect. Refer to
Understand wildcard matching and referencing above. All Host Header Override Apply a specific host header.
Learn more. Enterprise IP Geolocation Header Cloudflare adds a CF-IPCountry HTTP header containing the country code that corresponds to the visitor. All Mirage Turn on or off Cloudflare Mirage of the Cloudflare Speed app.
Learn more. Pro and above Opportunistic Encryption Turn on or off the Cloudflare Opportunistic Encryption feature of the Edge Certificates tab in the Cloudflare SSL/TLS app. Learn more. All Origin Cache Control Origin Cache Control is enabled by default for Free, Pro, and Business domains and disabled by default for Enterprise domains. All Origin Error Page Pass-thru Turn on or off Cloudflare error pages generated from issues sent from the origin server. If enabled, this setting triggers error pages issued by the origin. Enterprise Polish Apply options from the Polish feature of the Cloudflare Speed app. Learn more. Pro and above Query String Sort Turn on or off the reordering of query strings. When query strings have the same structure, caching improves. Learn more. Enterprise Resolve Override Change the origin address to the value specified in this setting.
Learn more. Enterprise Respect Strong ETags Turn on or off byte-for-byte equivalency checks between the Cloudflare cache and the origin server. Learn more. Enterprise Response Buffering Turn on or off whether Cloudflare should wait for an entire file from the origin server before forwarding it to the site visitor. By default, Cloudflare sends packets to the client as they arrive from the origin server. Enterprise Rocket Loader Turn on or off Cloudflare Rocket Loader in the Cloudflare Speed app**.**
Learn more. All Security Level Control options for the Security Level feature from the Security app.
Learn more. All Server Side Excludes Turn on or off the Server Side Excludes feature of the Cloudflare Scrape Shield app.
Learn more. All SSL Control options for the SSL feature of the Edge Certificates tab in the Cloudflare SSL/TLS app. Learn more. All True Client IP Header Turn on or off the True-Client-IP Header feature of the Cloudflare Network app.
Learn more. Enterprise Web Application Firewall (previous version) Turn on or off WAF managed rules as defined in Security > WAF > Managed rules. Learn more.
You cannot enable or disable individual WAF managed rules via page rules.Pro and above
Known Issues
Additional details
Bypass Cache on Cookie setting
Zone name occurrences must end with a slash
example.com, then:example.com will be saved as example.com/example.com/path/example.com will be saved as example.com/path/example.com/example.com/some-path/cloudflare.com will be saved without a final slash, since the zone name is not cloudflare.com.
Network ports supported by Page Rules
Using Page Rules with Workers
Related resources