Skip to main content

Page Rules (Legacy)

Learning Focus

By the end of this lesson you will understand what Page Rules do, when they are still appropriate to use, and how to migrate every cache-related Page Rule to its modern equivalent.

What Are Page Rules?

Page Rules are Cloudflare's original system for controlling how the edge handles a specific URL or URL pattern. A single Page Rule matches a URL pattern and then applies one or more settings — caching, redirects, security level, performance tweaks — all in one place.

flowchart LR
    REQ["Incoming Request\nhttps://example.com/blog/*"] --> PR["Page Rules Engine\n(URL pattern match)"]
    PR -->|"Match"| SETTINGS["Apply Multiple Settings\n• Cache Level: Cache Everything\n• Edge TTL: 1 hour\n• Browser TTL: 5 min"]
    PR -->|"No match"| DEFAULT["Default zone settings"]

    style PR fill:#f6821f,color:#fff,stroke:#e5711e
    style SETTINGS fill:#2563eb,color:#fff,stroke:#1e40af
Page Rules Are Legacy

Cloudflare officially recommends migrating away from Page Rules. As of 2024, Page Rules are in maintenance mode — no new features are being added. New deployments should use the modern replacements: Cache Rules, Configuration Rules, Redirect Rules, and Transform Rules.

Existing Page Rules continue to work and are not being removed, but the migration is strongly encouraged.

Page Rules URL Pattern Syntax

Page Rules match URLs using a glob-style pattern with * as a wildcard:

PatternMatchesDoes Not Match
example.com/blog/*example.com/blog/post-1, example.com/blog/2024/postexample.com/shop/
*.example.com/adminapp.example.com/admin, api.example.com/adminexample.com/admin
example.com/assets/*.cssexample.com/assets/style.css, example.com/assets/v2/app.cssexample.com/assets/app.js
example.com/*Everything on example.comsub.example.com/*
*example.com/*Every URL on every subdomain and root
info

Page Rules match the full URL including protocol (http:// or https://). You can write patterns as just example.com/path — Cloudflare applies it to both HTTP and HTTPS.

Free Tier Limits

FeatureFree Plan
Page Rules3 rules
Pro / Business / Enterprise20 / 50 / 125 rules
Only 3 Rules on Free

The free plan's 3-rule limit is a significant constraint. This is one of the strongest reasons to migrate to modern rules (Cache Rules = 10 free, Redirect Rules = 10 free, etc.).

Available Page Rule Settings

A single Page Rule can apply multiple settings simultaneously. Here are all the settings relevant to caching and performance:

Cache Settings

SettingValuesWhat It Controls
Cache LevelBypass, Basic, Simplified, Aggressive, Cache EverythingWhether and how aggressively to cache
Edge Cache TTL2h, 4h, 8h, 16h, 1d, 2d, 3d, 4d, 5d, 6d, 7d, 2w, 1mHow long the edge caches the response
Browser Cache TTL30m, 1h, 2h, ... 1 yearHow long the browser caches the response
Cache Deception ArmorOn / OffPrevents cache poisoning via URL extension tricks
Bypass Cache on CookieCookie name(s)Bypass cache if a specific cookie is present

Performance Settings

SettingValuesWhat It Controls
Rocket LoaderOn / Off / AutomaticDefer JS for faster page paint
MinifyJS / CSS / HTML (checkboxes)Minify specific asset types for this URL
Auto MinifyOn / OffEnable auto minification
MirageOn / OffMobile image optimisation (paid)
PolishOff / Lossless / LossyImage compression (paid)

Security Settings

SettingValuesWhat It Controls
Security LevelEssentially Off / Low / Medium / High / I'm Under AttackChallenge threshold for this URL
SSLOff / Flexible / Full / Full (Strict) / StrictSSL mode override for this URL
Always Use HTTPSOnRedirect HTTP → HTTPS for this URL pattern
Disable AppsDisables Cloudflare apps for this page
IP GeolocationOn / OffAdd CF-IPCountry header

Common Page Rule Patterns

Pattern 1: Cache Everything for a Static Site

Use case: Your entire site is a static HTML site (e.g., built with Hugo, Eleventy, or Astro). You want every page cached.

URL Pattern: example.com/*
Settings:
  • Cache Level: Cache Everything
  • Edge Cache TTL: 1 day
  • Browser Cache TTL: 1 hour

Every request for any page is cached at the edge. If you update content, purge the cache.

Pattern 2: Bypass Cache for the WordPress Admin

Use case: WordPress serves the same domain for both public pages (cacheable) and admin pages (/wp-admin/, /wp-json/, /?p=) that are not cacheable.

URL Pattern: example.com/wp-admin/*
Settings:
  • Cache Level: Bypass

URL Pattern: example.com/wp-login.php
Settings:
  • Cache Level: Bypass
tip

For WordPress, the most reliable pattern is to combine Cache Everything on the root (example.com/*) with Bypass Cache on Cookie for WordPress session cookies (wordpress_*, wp-settings-*, comment_*). This caches pages for non-logged-in visitors and bypasses cache for editors and commenters.

Pattern 3: Force HTTPS on Everything

Use case: Redirect all HTTP traffic to HTTPS.

URL Pattern: http://example.com/*
Settings:
  • Always Use HTTPS: On
Modern Alternative

This is better handled today using SSL/TLS → Edge Certificates → Always Use HTTPS or a Redirect Rule. It does not consume a Page Rule.

Pattern 4: Long Cache for a CDN-Style Asset Path

Use case: Your /static/ path contains production assets with content-hashed filenames.

URL Pattern: example.com/static/*
Settings:
  • Cache Level: Cache Everything
  • Edge Cache TTL: 1 month
  • Browser Cache TTL: 1 year

Pattern 5: Override Security Level for an API Endpoint

Use case: Your API (/api/) is called programmatically. Cloudflare's default security challenges would block legitimate API clients.

URL Pattern: example.com/api/*
Settings:
  • Security Level: Essentially Off
  • Cache Level: Bypass

Migrating from Page Rules to Modern Rules

This is the official Cloudflare recommendation. Here is the full mapping:

Page Rule SettingModern ReplacementWhere to Configure
Cache Level: Cache EverythingCache Rule → Eligible for cacheCaching → Cache Rules
Cache Level: BypassCache Rule → Bypass cacheCaching → Cache Rules
Edge Cache TTLCache Rule → Edge TTLCaching → Cache Rules
Browser Cache TTLCache Rule → Browser TTLCaching → Cache Rules
Bypass Cache on CookieCache Rule + condition: Cookie containsCaching → Cache Rules
Always Use HTTPSRedirect Rule (HTTP→HTTPS)Rules → Redirect Rules
Security Level overrideConfiguration RuleRules → Configuration Rules
Rocket Loader / Minify overrideConfiguration RuleRules → Configuration Rules
SSL overrideConfiguration RuleRules → Configuration Rules
Forwarding URL (301/302)Redirect RuleRules → Redirect Rules

Migration Checklist

□ 1. List all current Page Rules (Cloudflare → Rules → Page Rules)
□ 2. Categorise each rule by type:
       - Cache-related  → Cache Rules
       - Redirects      → Redirect Rules
       - Security/SSL   → Configuration Rules
       - Performance    → Configuration Rules
□ 3. Create the equivalent modern rules in the correct section
□ 4. Test each URL pattern to confirm behaviour is identical
□ 5. Disable the Page Rule (don't delete yet)
□ 6. Monitor for 24–48 hours
□ 7. Delete the Page Rule once confident

Example Migration: Cache Everything for Blog

Before (Page Rule):

URL: example.com/blog/*
Settings: Cache Level = Cache Everything, Edge Cache TTL = 1 day

After (Cache Rule):

When: URI Path starts with /blog
Then:
  • Cache eligibility: Eligible for cache
  • Edge TTL: Override to 86400 seconds (1 day)

Advantages of the Cache Rule:

  • Uses the visual expression builder (no glob syntax to remember)
  • Can combine with AND/OR conditions (e.g., only cache if NOT logged in)
  • Doesn't consume one of your 3 precious free Page Rules

Page Rules Execution Order

Page Rules run in priority order — the rule with the lowest position number (displayed in the dashboard) executes first. If a Page Rule matches, Cloudflare continues checking other rules for additional settings, unlike Cache Rules which stop at the first match.

This means two Page Rules for the same URL can both apply, which can create unexpected interactions. Modern rules (Cache Rules, Redirect Rules, etc.) are more explicit about this.

When Page Rules Are Still Acceptable

Despite the migration recommendation, Page Rules remain acceptable when:

  1. You're on Free plan and only have 1–2 cache overrides to set — Page Rules and Cache Rules consume from different quotas. You have 3 Page Rules AND 10 Cache Rules on the free plan. Using a Page Rule for simple cache overrides doesn't "cost" any of your 10 Cache Rule slots.
  2. You need multiple unrelated settings for one URL in one rule — A Page Rule can set Cache Level, Security Level, and Browser TTL in a single rule. Modern rules require one rule per category.
  3. You have existing Page Rules that work correctly — There is no urgency to migrate rules that are functioning well.

Common Misconceptions

"Page Rules are being removed"

Reality: Cloudflare has stated Page Rules will not be removed. They are in maintenance mode — no new features — but all existing rules will continue working indefinitely.

"I can only apply one setting per Page Rule"

Reality: A single Page Rule can apply multiple settings simultaneously — e.g., Cache Everything + Browser TTL + Security Level all from one rule. This is actually one advantage Page Rules have over the individual modern rule types.

"Page Rules run before Cache Rules"

Reality: The Ruleset Engine processes rules in a specific order. Cache Rules currently run before Page Rules in the execution pipeline. If both match, Cache Rules take precedence for cache settings.

Key Takeaways

  • Page Rules are the legacy per-URL configuration system — powerful but limited to 3 on the free plan.
  • They use glob syntax (* as wildcard) to match URL patterns.
  • A single rule can apply multiple, different settings simultaneously.
  • Cache Level: Cache Everything is the core Page Rule cache setting — equivalent to "Eligible for cache" in Cache Rules.
  • Migrate to modern rules (Cache Rules, Redirect Rules, Configuration Rules) for new work — they have higher free-tier limits and more powerful conditions.
  • Page Rules are not being removed — migration is recommended, not required.

What's Next