Edit rule expressions
- Expression Builder: Allows you to create expressions using drop-down lists, emphasizing a visual approach to defining an expression.
- Expression Editor: A text-only interface that supports advanced features, such as grouping symbols and functions for transforming and validating values.
Both interfaces are available in the Create firewall rule page.
The Expression Builder allows you to visually create rule expressions by using drop-down lists and entering field values to define one or multiple sub-expressions.
The Expression Preview displays the expression in text:
(ip.geoip.country ne "GB")
To access the Expression Editor, click Edit expression in the Create firewall rule page:
To switch back from the Expression Editor to the Expression Builder, click Use expression builder.
Create nested expressions
The following rule expression example challenges any visitor who is not from Malaysia and tries to access WordPress URI paths.
((http.request.uri.path contains "/xmlrpc.php") or (http.request.uri.pathcontains "/wp-login.php") or (http.request.uri.path contains "/wp-admin/"and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and nothttp.request.uri.path contains "/wp-admin/theme-editor.php")) andip.geoip.country ne "MY"
Only the Expression Editor supports nested expressions such as the one above. If you create a rule with nested expressions in the Expression Editor and try to switch to the Expression Builder, a dialog will warn you that the expression is not supported in the builder. You will be prompted to Discard changes and switch to the Expression Builder or Cancel and continue working in the editor.
Cloudflare validates all expressions before saving them, so if your expression has errors, you will receive an error message in the Cloudflare dashboard, similar to the following:
Filter parsing error (1:313): ((http.request.uri.path contains"/xmlrpc.php") or (http.request.uri.path contains "/wp-login.php") or(http.request.uri.path contains "/wp-admin/" and nothttp.request.uri.path contains "/wp-admin/admin-ajax.php" and nothttp.request.uri.path contains "/wp-admin/theme-editor.php")) andip.geoip.country ne "MY") ^ unrecognised input