Page Rules

Route Your Way, Your Rules

10 rule action types for routing, security, and edge computing. Configure redirects, proxies, headers, auth, edge functions, and bot challenges per URL path.

Configure rulesPage rules guide
Page Rules
3 rules
Request
/api/users/profile
Evaluating
1 /blog/* Static
2 /api/* Proxy
3 /* Auth skip
Action
Proxy to api.backend.io
Priority order · First match wins Edit rules
10
Action Types
WAF
Integration
Edge
Functions
Drag
& Drop
Routing Actions

Redirects, Proxies, and Static Content

Configure redirects to external URLs, proxy requests to backend origins, or serve static content from your CDN. Each with configurable options.

  • Redirect (301/302/307)
  • Proxy to origins
  • Serve static paths
  • Custom responses

Page rules guide

Page Rules
Redirect 301
Active
/old-page /new-page
Proxy WAF
Active
/api/* https://api.backend.com
Static
Active
/app/* /static/app/index.html
Drag to reorder priority 3 rules
Redirects · Proxies · Static View all
Security Layers
4 active
GET /admin/settings
Bot Challenge
JS verification
Passed
WAF + Rate Limit
OWASP rules · 100 req/min
Allowed
Password Auth
Basic auth on /admin/*
Challenge
Authentication Required
Username
••••••••
Edge Auth
JWT validation function
Pending
Request → Security → Origin Configure
Security Actions

Layered Security at the Edge

Every request passes through your configured security layers before reaching origin. Stack multiple protections on the same path -bot challenge first, then WAF inspection, then authentication.

Bot challenges show JavaScript or CAPTCHA verification to filter automated traffic. WAF rules inspect requests against OWASP patterns and enforce rate limits. Password protection adds basic auth to any path. Edge auth runs your custom validation logic before the request continues.

Configure each layer independently per URL pattern. A staging environment might need password protection, while your API needs rate limiting and JWT validation.

WAF and security docs

Edge Rules
3 attached
Edge Function
Active
/api/users/*
api-gateway-function
Auth Middleware
Active
/admin/*
jwt-validator
Content Filter
Active
/*.html
analytics-injector
Headers /*
+3 security headers
Functions · Auth · Filters Manage
Edge Computing

Run Code on Every Request

Attach edge functions to URL patterns to intercept and handle requests with custom JavaScript. Three function types serve different purposes:

Edge Function

Full request handler. Return a response, proxy to origin, or call external APIs. Use for custom routing, A/B tests, or API gateways.

Content Filter

TransformStream that modifies HTML responses. Inject analytics, rewrite links, or add headers to existing pages without changing origin.

Auth Middleware

Returns 201 to allow, 401/403 to deny. Chain with other security rules. Use for JWT validation, session checks, or custom auth logic.

Edge functions documentation

All 10 Rule Action Types

Complete list of actions available for your page rules.

Redirect

301, 302, or 307 redirects to internal or external URLs.

  • Status codes
  • URL patterns
  • Query strings
Learn more

Proxy

Forward requests to backend origins with optional WAF protection and rate limiting.

  • Origin targets
  • WAF config
  • Headers
Learn more

Serve Static Path

Serve static content from your CDN for specific URL patterns.

  • Static content
  • Path mapping
  • Cache control
Learn more

Password Protect

Add basic authentication to protect sensitive paths.

  • Username/password
  • Realm config
  • Access control
Learn more

Bot Challenge

Show CAPTCHA or JS challenge to suspicious traffic.

  • Challenge page
  • Bot detection
  • Rate limiting
Learn more

Edge Function

Execute serverless functions for custom request handling.

  • Custom logic
  • API proxies
  • Data enrichment
Learn more

Content Filter

Transform HTML responses with TransformStream filters.

  • HTML modification
  • Script injection
  • Content replacement
Learn more

Edge Auth

Auth middleware that returns 201 for access or 401/403 to deny.

  • JWT validation
  • Session checks
  • Chainable
Learn more

Custom Headers

Add, modify, or remove response headers on matching paths.

  • Security headers
  • CORS
  • Cache-Control
Learn more

Custom Response

Return a custom response body and status code.

  • Custom body
  • Status codes
  • Content type
Learn more

Configure Your Routing

Create page rules with 10 action types. Drag-and-drop ordering in the dashboard.

10 action types
WAF integration
Edge functions
Drag & drop ordering
Create rulesView documentation