Cloudflare Firewall Header Check

How can I check that header “test” equals to “secret” in cloudflare firewall?
I tried:
(http.host eq "notactualhost.com" and any(http.request.headers["test"][*] == "secret"))
It gives red error at the bottom of the page saying:
not entitled to use request header inspection in expression, at index: 0
I am using cloudflare pro plan.

From https://developers.cloudflare.com/firewall/cf-firewall-rules/fields-and-expressions/ the http.request.headers and related sub-fields have a footnote. That footnote leads to: https://developers.cloudflare.com/firewall/cf-firewall-rules/fields-and-expressions/#fields-footnotes-1

[1] This feature is Enterprise only. For access, please speak to your Customer Success team.

This would require a plan upgrade from Pro.

Outside of Cloudflare’s firewall I believe this basic syntax can be achieved using Cloudflare workers as well. Potentially a different use case/ fee structure but many syntactically similar behaviors could be achieved.

This topic was automatically closed after 30 days. New replies are no longer allowed.