Supported fields and operators
The fields available for load balancing rules depend on whether Cloudflare proxies the traffic going through your load balancer.
If you use the wrong set of fields, you might see unexpected behavior from load balancing rules. For best results, use the fields associated with your traffic’s proxy status.
Field Set | Section in Expression Builder | Description |
---|---|---|
Fields supported regardless of proxy | BOTH |
The values that are always accessible regardless of whether the load balancer is proxied or not. |
Proxied-only fields | PROXIED ONLY |
The values accessible only when the load balancer’s traffic is proxied. |
Unproxied-only fields | NON-PROXIED ONLY |
The values accessible only when the load balancer’s traffic is not proxied (DNS-only traffic). |
For a step-by-step guide for creating a rule using the UI’s Expression Builder, see Create a load balancing rule. Note that there are a few fields that are still API-only and not present in the UI.
Fields supported regardless of proxy
Regardless of whether your traffic is proxied, you have access to the following fields:
Field | Name in Expression Builder | Description |
---|---|---|
cf.load_balancer.name Bytes |
Load Balancer Name |
Represents the name of the load balancer executing these rules. Example value:
|
cf.load_balancer.region Bytes |
Load Balancer Region |
Provides the region name of the data center processing the request. Example value:
|
ip.src IP address |
IP Source Address |
If proxied, this field provides the client TCP IP address, which may be adjusted to reflect the actual address of the client by using HTTP headers such as If unproxied (DNS-only), this field provides the ECS source address, if available. If not available, it provides the client resolver IP address. Deprecation Warning: In the future, this field will always be set to the client resolver IP address for unproxied requests. To check for the presence of ECS and use the ECS IP, see the fields Example value:
|
Proxied-only fields
If your traffic is proxied through Cloudflare, you have access to all the fields listed under Fields supported regardless of proxy in addition to the following fields:
Many of these fields are referenced from the Rules language documentation.
Field | Name in Expression Builder | Description |
---|---|---|
http.cookie String |
(API-only) |
Represents the entire cookie as a string. Example value:
|
http.host String |
(API-only) |
Represents the hostname used in the full request URI. Example value:
|
http.referer String |
(API-only) |
Represents the HTTP Referer request header, which contains the address of the web page that linked to the currently requested page. Example value:
|
http.request.headers Map<String><Array> |
Header |
Represents HTTP request headers as a Map (or associative array). The keys of the associative array are the names of HTTP request headers converted to lowercase. When there are repeating headers, the array includes them in the order they appear in the request. Decoding: no decoding performed
Example:
Example value:
|
http.request.method String |
Request Method |
Represents the HTTP method, returned as a string of uppercase characters. Example value:
|
http.request.timestamp.sec Integer |
Timestamp |
Represents the timestamp when Cloudflare received the request, expressed as Unix time in seconds. This value is 10 digits long. Example value:
|
http.request.uri String |
URI |
Represents the URI path and query string of the request. Example value:
|
http.request.uri.args Map<String><Array> |
(API-only) |
Represents the HTTP URI arguments associated with a request as a Map (associative array). When an argument repeats, then the array contains multiple items in the order they appear in the request. The values are not pre-processed and retain the original case used in the request. Decoding: no decoding performed
Example:
Example value:
|
http.request.uri.args.names Array<String> |
(API-only) |
Represents the names of the arguments in the HTTP URI query string. The names are not pre-processed and retain the original case used in the request. When a name repeats, the array contains multiple items in the order that they appear in the request. Decoding: no decoding performed
Example:
Example value:
|
http.request.uri.args.values Array<String> |
(API-only) |
Represents the values of arguments in the HTTP URI query string. The values are not pre-processed and retain the original case used in the request. They are in the same order as in the request. Duplicated values are listed multiple times. Decoding: no decoding performed
Example:
Example value:
|
http.request.uri.path String |
URI Path |
Represents the URI path of the request. Example value:
|
http.request.uri.query String |
URI Query |
Represents the entire query string, without the Example value:
|
http.request.version String |
HTTP Version |
Represents the version of the HTTP protocol used. Use this field when you require different checks for different versions. Example Values:
|
Unproxied-only fields
If your traffic is not proxied through Cloudflare, you have access to all the fields listed under Fields supported regardless of proxy in addition to the following fields:
Field | Name in Expression Builder | Description |
---|---|---|
dns.qry.name Bytes |
Query Name |
Represents the query name asked. Example value:
|
dns.qry.name.len Integer |
Query Name Length |
Represents the length in bytes of the query name. Example value:
|
dns.qry.qu Boolean |
Question |
When |
dns.qry.type Integer |
Query Type |
Represents the numeric value of the DNS query type. Example Values:
|
dns.rr.opt.client Boolean |
(API-only) |
When |
dns.rr.opt.client.addr String |
(API-only) |
If present, this field represents the ECS address sent with the DNS request. Example value:
|
Operators and grouping symbols
-
Comparison operators specify how values defined in an expression must relate to the actual HTTP request value for the expression to return true.
-
Logical operators combine two expressions to form a compound expression and use order of precedence to determine how an expression is evaluated.
-
Grouping symbols allow you to organize expressions, enforce operator precedence, and nest expressions.
For examples and usage, refer to Operators and grouping symbols in the Rules language documentation.