Create request header to origin based on incoming request header
I have a requirement where I want to check for an incoming request header from a browser and if it is set with a specific value, I would like to create another origin request header. How do I do this?
I dont want to expose the origin request header - so thinking of the above method, but if there is any other way to solve this, I could try that too.
4 Replies
You can use a Request Header Transform Rule:
https://dash.cloudflare.com/?to=/:account/:zone/rules/transform-rules/modify-request-header/new
Something simple like if match..
http.request.headers["my-special-header"][0] == "cookies"
Then you can set any headers you want, ex: http.request.headers["my-special-header"][0]
If there will be multiple headers with the same name and you want to match if any of them are equal, you could use an expression like
any(http.request.headers["content-type"][*] == "application/json")
https://developers.cloudflare.com/ruleset-engine/rules-language/fields/ is a good referenceFields reference · Cloudflare Ruleset Engine docs
The Cloudflare Rules language supports a range of field types:
Hi @chaika.me - thanks for the quick response.I was trying to use the expression builder and did not see the dropdown show an option for this, hence thought it was not present. I will use the "edit expression" and try. Thanks!!
yea sadly the expression builder is missing a lot of advanced options & not commonly used fields
I would be careful as well, to strip the header if it doesn't match. In my example, if my-special-header does match, it would override it with the first header. If it doesn't match, it would pass in whatever the request sent. You would need an inverse rule to remove the header if it doesn't match, if you don't want your origin to ever get the header unless from that rule
Thanks for the follow-up. Will keep this in mind. The method is for a developer to trigger an internal flow, so the browser header - even if it is sent to the origin, would be ignored, as the new header I create is what will be checked for by the application.