Configure an HTTP policy
Before you start
The Cloudflare Gateway L7 firewall will intercept and inspect all HTTP and HTTPS traffic over ports 80 and 443. The inspection of HTTPS traffic requires breaking the TLS connection between the user and the origin server. Cloudflare Gateway presents a certificate to the user and securely connects to the origin on their behalf; however, this requires the Cloudflare certificate to be installed and trusted on each user's device.
Setup your first HTTP policy
On the Teams dashboard, navigate to the Policies tab.
Select the HTTP tab.
- Select Add a Rule.
- Configure the Selector, Operator, and Value(s) to match against.
- Select an Action to perform if the expression matches HTTP traffic.
- Select Create Rule.
The rule is inserted at the bottom of the list of rules when more than one rule is present. Rules are enabled by default and take effect as soon as the rule is created.
Administrators are able to create up to 50 rules in their HTTP policy.
Enable L7 filtering
In the settings (Gateway → Policies → Settings) page, click the toggle to enable filtering once clients have been deployed and certificates installed. If you do not enable filtering, your rules will not apply.