Cloudflare Docs
Rules
Rules
Visit Rules on GitHub
Set theme to dark (⇧+D)

Available settings

The following sections describe the available settings in Origin Rules.

​​ Host header

Allows you to rewrite the HTTP Host header of incoming requests.

A common use case for this functionality is when your content is hosted on a third-party server that only accepts Host headers with their own server names. In this situation, you must update the Host HTTP header in incoming requests from Host: example.com to Host: thirdpartyserver.example.net.

You must specify a valid hostname in a Host header override that is either:

  • A hostname on the same Cloudflare account (possibly on a different zone).
  • A hostname for which Cloudflare is not proxying traffic (gray-clouded).

​​ Server Name Indication (SNI)

Allows you to override the Server Name Indication (SNI) 1 value of a request. For more information, refer to What is SNI (Server Name Indication)? in the Learning Center.

The new SNI value must be a valid hostname on the same Cloudflare account (possibly on a different zone).

​​ DNS record

Allows you to override the resolved hostname of incoming requests. This functionality is also known as resolve override.

A common use case is when you are serving an application from the URI (for example, mydomain.com/app). In this case, the app may be hosted on a different server or by a third party. A DNS record override allows you to redirect requests to this endpoint to the server for that third-party application.

You must specify a valid hostname in a DNS record override that is either:

  • A hostname on the same Cloudflare account (possibly on a different zone).
  • A hostname for which Cloudflare is not proxying traffic (gray-clouded).

​​ Destination port

Allows you to override the destination port of a request.

When you configure a destination port override, you can redirect incoming requests to a different port. For example, you could override the destination port for requests received for mydomain.com so that they are served by the application running on port 9000 (mydomain.com:9000).

The destination port must be between 1 and 65,535.


  1. SNI allows a server to host multiple TLS Certificates for multiple websites using a single IP address. SNI adds the website hostname in the TLS handshake to inform the server which website to present when using shared IPs. ↩︎