Using header added by Request header Transform rule in WAF

Hi,

I’m an Enterprise customer. Is it possible to set a header using Request header Transform rules and then use this header in WAF rules? In my testing, the header is there and I can even copy it to the response headers, but WAF doesn’t see it.

Does WAF run before Transform rules (the order isn’t documented anywhere I could find, like Order and priority · Cloudflare Firewall Rules (deprecated) docs - this page specifically excludes Transform rules)?

Is there any way to make this work without using workers?

For example, the header name is “test” and I set it to 1, then try to use it in WAF rules like so:

any(http.request.headers.names[*] == "test")

Thank you.

If you run a trace, you’ll see that WAF comes before Request Headers:

Why not use the same criteria you’re using for the transform rule and put that into your WAF rule?


I’m actually doing that now, but the same (long and frequently updated) condition is used in several rules and I wanted to essentially turn it into a variable so that I can modify it in one place and then use it in multiple rules. This is the best idea I had and as close as I could think of to get to variables in Cloudflare.


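Since WAF rules are evaluated before the request header transform, the repeated condition has to live in each WAF expression; one way to keep a single point of change is to render the rule expressions from one shared condition before deploying them. This is an added example, not code from the thread or from Cloudflare: the `@SHARED@` token, the sample condition and the rule templates are constructed assumptions.

```python
import json

PLACEHOLDER = "@SHARED@"  # hypothetical token for this script, not Cloudflare syntax

# Constructed stand-in for the long, frequently updated condition.
SHARED = 'http.user_agent contains "example-bot" or ip.src in {192.0.2.0/24}'

# Constructed rule templates that all depend on the shared condition.
TEMPLATES = [
    {"description": "block shared on login", "action": "block",
     "expression": f'http.request.uri.path eq "/login" and {PLACEHOLDER}'},
    {"description": "challenge others on admin", "action": "managed_challenge",
     "expression": f'starts_with(http.request.uri.path, "/admin") and not {PLACEHOLDER}'},
]

def balanced(expr):
    """True if parentheses balance outside double-quoted strings (escaped quotes not handled)."""
    depth, in_str = 0, False
    for ch in expr:
        if ch == '"':
            in_str = not in_str
        elif not in_str and ch == "(":
            depth += 1
        elif not in_str and ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0 and not in_str

def render_rules(shared, templates):
    """Inline the shared condition, parenthesized so `and`/`not` apply to all of it."""
    if not balanced(shared):
        raise ValueError("shared condition has unbalanced parentheses or quotes")
    rules = []
    for t in templates:
        if PLACEHOLDER not in t["expression"]:
            raise ValueError(f"{t['description']}: placeholder missing")
        rules.append({**t, "expression": t["expression"].replace(PLACEHOLDER, f"({shared})")})
    return rules

def stale(deployed, rendered):
    """Descriptions of deployed rules whose expression no longer matches the current render."""
    want = {r["description"]: r["expression"] for r in rendered}
    return [d["description"] for d in deployed
            if d["description"] in want and want[d["description"]] != d["expression"]]

if __name__ == "__main__":
    print(json.dumps(render_rules(SHARED, TEMPLATES), indent=2))
```

The parentheses added around the shared condition matter because `or` binds more loosely than `and`; without them the first rule would match any request from the listed range, not only those to `/login`.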