Using header added by Request header Transform rule in WAF


I’m an Enterprise customer. Is it possible to set a header using Request header Transform rules and then use this header in WAF rules? In my testing, the header is there and I can even copy it to the response headers, but WAF doesn’t see it.

Does WAF run before Transform rules (the order isn’t documented anywhere I could find, like Order and priority · Cloudflare Firewall Rules (deprecated) docs - this page specifically excludes Transform rules)?

Is there any way to make this work without using workers?

For example, the header name is “test” and I set it to 1, then try to use in WAF rules like so:

any(http.request.headers.names[*] == "test")

Thank you.

If you run a trace, you’ll see that WAF comes before Request Headers:

Why not use the same criteria you’re using for the transform rule and put that into your WAF rule?


I’m actually doing that now but the same (long and frequently updated) condition is used in several rules and I wanted to essentially turn it into a variable so that I can modify it in one place and then use in multiple rules. This is the best idea I had and as close as I could think of to get to variables in Cloudflare.


This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.