Override expressions
Set an override expression for the HTTP DDoS Attack Protection managed ruleset to define a specific scope for sensitivity level or action adjustments.
For example, you can set different sensitivity levels for different request URI paths: a medium sensitivity level for URI path A and a low sensitivity level for URI path B.
You can use the following fields in override expressions:
cf.bot_management.ja3_hashcf.bot_management.ja4cf.client.botcf.threat_scorecf.tls_ciphercf.tls_client_auth.cert_verifiedcf.tls_versioncf.verified_bot_categoryhttp.cookiehttp.hosthttp.refererhttp.request.headershttp.request.headers.nameshttp.request.headers.truncatedhttp.request.headers.valueshttp.request.urihttp.request.uri.pathhttp.request.uri.path.extensionhttp.request.uri.queryhttp.request.full_urihttp.request.methodhttp.request.versionhttp.request.cookieshttp.user_agenthttp.x_forwarded_forip.geoip.asnumip.geoip.continentip.geoip.countryip.geoip.is_in_european_unionip.srcip.src.asnumip.src.continentip.src.countryip.src.is_in_european_unionssl
Refer to the Fields reference in the Rules language documentation for more information.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark