Cloudflare Docs
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)

Require a specific cookie

To secure a sensitive area such as a development area, you can share a cookie with trusted individuals and then filter requests so that only users with that cookie can access your site.

Use the http.cookie field to target requests based on the presence of a specific cookie.

This example comprises two rules:

  • The first rule targets requests to that have a specific cookie key, devaccess. As long as the value of the cookie key contains one of three authorized users — james, matt, or michael — the expression matches and the request is allowed, skipping all other custom rules.
  • The second rule blocks all access to

Since custom rules are evaluated in order, Cloudflare grants access to requests that satisfy rule 1 and blocks all other requests to

(http.cookie contains "devaccess=james" or http.cookie contains "devaccess=matt" or http.cookie contains "devaccess=michael") and eq ""Skip:
All remaining custom rules
( eq "")Block