Override expressions

Set an override expression for the HTTP DDoS Attack Protection managed ruleset to define a specific scope for sensitivity level or action adjustments.

For example, you can set different sensitivity levels for different request URI paths: a medium sensitivity level for URI path A and a low sensitivity level for URI path B.

Available expression fields

You can use the following fields in override expressions:

cf.client.bot
cf.threat_score
http.cookie
http.host
http.referer
http.request.uri
http.request.uri.path
http.request.uri.query
http.request.full_uri
http.request.method
http.request.version
http.request.cookies
http.user_agent
http.x_forwarded_for
ip.src
ip.src.asnum
ip.src.continent
ip.src.country
ip.src.is_in_european_union
ssl
cf.tls_client_auth.cert_verified

Refer to the Fields reference in the Rules language documentation for more information.

Was this helpful?

Resources
API
New to Cloudflare?
Products
Sponsorships
Open Source

Support
Help Center
System Status
Compliance
GDPR

Company
cloudflare.com
Our team
Careers

Tools
Cloudflare Radar
Speed Test
Is BGP Safe Yet?
RPKI Toolkit
Certificate Transparency

Community
X
Discord
YouTube
GitHub

2025 Cloudflare, Inc.
Privacy Policy
Terms of Use
Report Security Issues
Trademark