In the Configure HTTPS settings tutorial, you configured zone settings that apply to all incoming requests for example.com
. In this tutorial, you will add an exception to these settings using Page Rules .
Specifically, you will increase the security level for a URL known to be expensive to render and cannot be cached: https://www.example.com/expensive-db-call
. Additionally, you will add a redirect from the previous URL used to host this page.
1. Create a new branch and append the page rule
Create a new branch and append the configuration.
git checkout -b step5-pagerule
Switched to a new branch 'step5-pagerule'
cat >> cloudflare.tf << 'EOF'
resource "cloudflare_page_rule" "increase-security-on-expensive-page" {
target = "www.${var.domain}/expensive-db-call"
security_level = "under_attack"
resource "cloudflare_page_rule" "redirect-to-new-db-page" {
target = "www.${var.domain}/old-location.php"
url = "https://www.${var.domain}/expensive-db-call"
2. Preview and merge the changes
Preview the changes Terraform will make and then merge them into the master
branch.
cloudflare_record.www-asia: Refreshing state... [id=fda39d8c9bf909132e82a36bab992864]
cloudflare_record.www: Refreshing state... [id=c38d3103767284e7cd14d5dad3ab8669]
cloudflare_zone_settings_override.example-com-settings: Refreshing state... [id=e2e6491340be87a3726f91fc4148b126]
cloudflare_load_balancer_monitor.get-root-https: Refreshing state... [id=4238142473fcd48e89ef1964be72e3e0]
cloudflare_load_balancer_pool.www-servers: Refreshing state... [id=906d2a7521634783f4a96c062eeecc6d]
cloudflare_load_balancer.www-lb: Refreshing state... [id=cb94f53f150e5c1a65a07e43c5d4cac4]
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
Terraform will perform the following actions:
# cloudflare_page_rule.increase-security-on-expensive-page will be created
+ resource "cloudflare_page_rule" "increase-security-on-expensive-page" {
+ id = (known after apply )
+ target = "www.example.com/expensive-db-call"
+ zone_id = "e2e6491340be87a3726f91fc4148b126"
+ always_use_https = false
+ disable_performance = false
+ disable_security = false
+ security_level = "under_attack"
# cloudflare_page_rule.redirect-to-new-db-page will be created
+ resource "cloudflare_page_rule" "redirect-to-new-db-page" {
+ id = (known after apply )
+ target = "www.example.com/old-location.php"
+ zone_id = "e2e6491340be87a3726f91fc4148b126"
+ always_use_https = false
+ disable_performance = false
+ disable_security = false
+ url = "https://www.example.com/expensive-db-call"
Plan: 2 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
git commit -m "Step 5 - Add two Page Rules."
[ step5-pagerule d4fec16 ] Step 5 - Add two Page Rules.
1 file changed, 23 insertions ( + )
Switched to branch 'master'
Updating 7a2ac34..d4fec16
cloudflare.tf | 23 +++++++++++++++++++++++
1 file changed, 23 insertions ( + )
3. Apply and verify the changes
First, test request the (now missing) old location of the expensive-to-render page.
curl -vso /dev/null https://www.example.com/old-location.php 2>&1 | grep "< HTTP\|Location"
As expected, the location cannot be found. Apply the Page Rules, including the redirect that should fix this error.
terraform apply --auto-approve
cloudflare_record.www-asia: Refreshing state... [id=fda39d8c9bf909132e82a36bab992864]
cloudflare_load_balancer_monitor.get-root-https: Refreshing state... [id=4238142473fcd48e89ef1964be72e3e0]
cloudflare_zone_settings_override.example-com-settings: Refreshing state... [id=e2e6491340be87a3726f91fc4148b126]
cloudflare_record.www: Refreshing state... [id=c38d3103767284e7cd14d5dad3ab8669]
cloudflare_load_balancer_pool.www-servers: Refreshing state... [id=906d2a7521634783f4a96c062eeecc6d]
cloudflare_load_balancer.www-lb: Refreshing state... [id=cb94f53f150e5c1a65a07e43c5d4cac4]
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
Terraform will perform the following actions:
# cloudflare_page_rule.increase-security-on-expensive-page will be created
+ resource "cloudflare_page_rule" "increase-security-on-expensive-page" {
+ id = (known after apply )
+ target = "www.example.com/expensive-db-call"
+ zone_id = "e2e6491340be87a3726f91fc4148b126"
+ always_use_https = false
+ disable_performance = false
+ disable_security = false
+ security_level = "under_attack"
# cloudflare_page_rule.redirect-to-new-db-page will be created
+ resource "cloudflare_page_rule" "redirect-to-new-db-page" {
+ id = (known after apply )
+ target = "www.example.com/old-location.php"
+ zone_id = "e2e6491340be87a3726f91fc4148b126"
+ always_use_https = false
+ disable_performance = false
+ disable_security = false
+ url = "https://www.example.com/expensive-db-call"
cloudflare_page_rule.redirect-to-new-db-page: Creating...
cloudflare_page_rule.increase-security-on-expensive-page: Creating...
cloudflare_page_rule.redirect-to-new-db-page: Creation complete after 3s [id=c5c40ff2dc12416b5fe4d0541980c591]
cloudflare_page_rule.increase-security-on-expensive-page: Creation complete after 6s [id=1c13fdb84710c4cc8b11daf7ffcca449]
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
With the Page Rules in place, try that call again, along with a test for the I'm Under Attack mode:
curl -vso /dev/null https://www.example.com/old-location.php 2>&1 | grep "< HTTP\|Location"
< HTTP/1.1 301 Moved Permanently
< Location: https://www.example.com/expensive-db-call
curl -vso /dev/null https://www.example.com/expensive-db-call 2>&1 | grep "< HTTP"
< HTTP/1.1 503 Service Temporarily Unavailable
The call works as expected. In the first case, the Cloudflare global network responds with a 301
redirecting the browser to the new location. In the second case, the Cloudflare global network initially responds with a 503
, which is consistent with the I'm Under Attack mode.
Thank you for helping improve Cloudflare's documentation!