Skip to content
Load Balancing
Visit Load Balancing on GitHub
Set theme to dark (⇧+D)

Supported fields and operators for load balancer rules

The fields available for load balancing rules depend on whether Cloudflare proxies the traffic going through your load balancer.

If you use the wrong type of fields, you might see unexpected behavior from load balancing rules. For best results, always use the fields associated with your traffic's proxy status.

select load balancer fields based on the proxy status header

Fields supported regardless of proxy

Regardless of whether your traffic is proxied, you have access to the following fields:

Name in Expression BuilderFieldDescription
IP addressip.src
IP address

The client TCP IP address, which may be adjusted to reflect the actual address of the client by using, for example, HTTP headers such asX-Forwarded-For or X-Real-IP.

Example value:
93.184.216.34

Load Balancer Regioncf.load_balancer.region
bytes

The region name of the data center processing the request.

Load Balancer Namecf.load_balancer.name
bytes

The name of the load balancer executing these rules.

Example value:
lb.example.com

Proxied traffic

If your traffic is proxied, you have access to all the fields listed under Proxied Only and Both, such as:

  • Request Method
  • URI
  • Timestamp
  • Header

For the most up to date list of these fields, create a load balancing rule in the UI.

For more details about the field type or properties, look for each field in our Firewall rules documentation.

Unproxied traffic

If your traffic is not proxied through Cloudflare, you have access to all the fields listed under Unproxied only and Both.

Cloudflare Load Balancers support the following unproxied fields:

Name in Expression BuilderFieldDescription
Query Typedns.qry.type
Int

The numeric value of the DNS query type

Example Values:

  • 1 (A record)
  • 28 (AAAA record)
Questiondns.qry.typ
boolean

A boolean indicating that the received DNS message was a question

Query Namedns.qry.name
Bytes

The byte of the query name asked, such as example.com

Query Name Lengthdns.qry.name.len
Int

The length in bytes of the query name.


Operators

Overview

Comparison operators specify how values defined in an expression must relate to the actual HTTP request value for the expression to return true.

Logical operators combine two expressions to form a compound expression and use order of precedence to determine how an expression is evaluated.

Load Balancing expressions also support grouping symbols, which allow you to organize expressions, enforce operator precedence, and nest expressions. For examples and usage, see Grouping symbols in the Firewall Rules documentation.

Comparison operators

Comparison operators return true when a value from an HTTP request matches a value defined in an expression.

This is the general pattern for using comparison operators:

<field> <comparison operator> <value>

Load Balancing expressions support these comparison operators:

NameOperator NotationSupported Data TypesExample (operator in bold)
StringIPRules list
Equaleqhttp.request.uri.path eq "/articles/2008/"
Not equalneip.src ne 93.184.216.0
Exactly
contains
containshttp.request.uri.path contains "/articles/"
Matches
regex
matcheshttp.request.uri.path matches "^/articles/200[7-8]/$"
Value is in
a set of values
inip.src in { 93.184.216.0 93.184.216.1 }

Logical operators

Logical operators combine two or more expressions into a single compound expression. A compound expression has this general syntax:

<expression> <logical operator> <expression>

Each logical operator has an order of precedence. The order of precedence (along with grouping symbols) determines the order in which Cloudflare evaluates logical operators in an expression. The not operator ranks first in order of precedence. For more on how Cloudflare evaluates logical operators in expressions, see Order of precedence in the Firewall Rules documentation.

Load Balancing expressions support these logical operators:

NameEnglish
Notation
C-like
Notation
ExampleOrder of Precedence
Logical NOTnot!not ( http.host eq "www.cloudflare.com" and ip.src in 93.184.216.0/24 )1
Logical ANDand&&http.host eq "www.cloudflare.com" and ip.src in 93.184.216.0/242
Logical XOR
(exclusive OR)
xor^^http.host eq "www.cloudflare.com" xor ip.src in 93.184.216.0/243
Logical ORor||http.host eq "www.cloudflare.com" or ip.src in 93.184.216.0/244