Require a specific cookie
To secure a sensitive area such as a development area, you can share a cookie with trusted individuals and then filter requests so that only users with that cookie can access your site.
Use http.cookie field to target requests based on the presence of a specific cookie.
This example comprises two rules:
- The first rule targets requests to dev.www.foo that have a specific cookie key,
devaccess. As long as the value of the cookie key contains one of three authorized users, james, matt, or michael, the expression matches and the request is allowed. - The second rule blocks all access to
dev.www.example.com.
Since the Allow action has precedence over Block, Cloudflare grants access to requests that satisfy Rule 1 and blocks all other requests to dev.www.example.com:
| Execution order | Expression | Action |
|---|---|---|
| 1 | (http.cookie contains "devaccess=james" or http.cookie contains "devaccess=matt" or http.cookie contains "devaccess=michael") and http.host eq "dev.www.example.com") | Allow |
| 2 | http.host eq "dev.www.example.com" | Block |