{"id":178,"date":"2026-01-22T00:00:00","date_gmt":"2026-01-22T00:00:00","guid":{"rendered":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/01\/22\/rules-new-cryptographic-functions-encode_base64-and-sha256-4\/"},"modified":"2026-01-22T00:00:00","modified_gmt":"2026-01-22T00:00:00","slug":"rules-new-cryptographic-functions-encode_base64-and-sha256-4","status":"publish","type":"post","link":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/01\/22\/rules-new-cryptographic-functions-encode_base64-and-sha256-4\/","title":{"rendered":"Rules &#8211; New cryptographic functions \u2014 encode_base64() and sha256()"},"content":{"rendered":"<p>Cloudflare Rulesets now includes <code>encode_base64()<\/code> and <code>sha256()<\/code> functions, enabling you to generate signed request headers directly in rule expressions. These functions support common patterns like constructing a canonical string from request attributes, computing a SHA256 digest, and Base64-encoding the result.<\/p>\n<hr \/>\n<h4>New functions<\/h4>\n<table>\n<thead>\n<tr>\n<th>Function<\/th>\n<th>Description<\/th>\n<th>Availability<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>encode_base64(input, flags)<\/code><\/td>\n<td>Encodes a string to Base64 format. Optional <code>flags<\/code> parameter: <code>u<\/code> for URL-safe encoding, <code>p<\/code> for padding (adds <code>=<\/code> characters to make the output length a multiple of 4, as required by some systems). By default, output is standard Base64 without padding.<\/td>\n<td>All plans (in header transform rules)<\/td>\n<\/tr>\n<tr>\n<td><code>sha256(input)<\/code><\/td>\n<td>Computes a SHA256 hash of the input string.<\/td>\n<td>Requires enablement<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<aside>\n<p>Note<\/p>\n<div>\n<p>The <code>sha256()<\/code> function is available as an Enterprise add-on and requires a specific entitlement. Contact your account team to enable it.<\/p>\n<\/div>\n<\/aside>\n<hr \/>\n<h4>Examples<\/h4>\n<p><strong>Encode a string to Base64 format:<\/strong><\/p>\n<div>\n<figure>\n<pre data-language=\"txt\"><code class=\"language-txt\"><div><div><span>encode_base64(\"hello world\")<\/span><\/div><\/div><\/code><\/pre>\n<div><\/div>\n<\/figure>\n<\/div>\n<p>Returns: <code>aGVsbG8gd29ybGQ<\/code><\/p>\n<p><strong>Encode a string to Base64 format with padding:<\/strong><\/p>\n<div>\n<figure>\n<pre data-language=\"txt\"><code class=\"language-txt\"><div><div><span>encode_base64(\"hello world\", \"p\")<\/span><\/div><\/div><\/code><\/pre>\n<div><\/div>\n<\/figure>\n<\/div>\n<p>Returns: <code>aGVsbG8gd29ybGQ=<\/code><\/p>\n<p><strong>Perform a URL-safe Base64 encoding of a string:<\/strong><\/p>\n<div>\n<figure>\n<pre data-language=\"txt\"><code class=\"language-txt\"><div><div><span>encode_base64(\"hello world\", \"u\")<\/span><\/div><\/div><\/code><\/pre>\n<div><\/div>\n<\/figure>\n<\/div>\n<p>Returns: <code>aGVsbG8gd29ybGQ<\/code><\/p>\n<p><strong>Compute the SHA256 hash of a secret token:<\/strong><\/p>\n<div>\n<figure>\n<pre data-language=\"txt\"><code class=\"language-txt\"><div><div><span>sha256(\"my-token\")<\/span><\/div><\/div><\/code><\/pre>\n<div><\/div>\n<\/figure>\n<\/div>\n<p>Returns a hash that your origin can validate to authenticate requests.<\/p>\n<p><strong>Compute the SHA256 hash of a string and encode the result to Base64 format:<\/strong><\/p>\n<div>\n<figure>\n<pre data-language=\"txt\"><code class=\"language-txt\"><div><div><span>encode_base64(sha256(\"my-token\"))<\/span><\/div><\/div><\/code><\/pre>\n<div><\/div>\n<\/figure>\n<\/div>\n<p>Combines hashing and encoding for systems that expect Base64-encoded signatures.<\/p>\n<p>For more information, refer to the <a href=\"https:\/\/developers.cloudflare.com\/ruleset-engine\/rules-language\/functions\/\">Functions reference<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Cloudflare Rulesets now includes encode_base64() and sha256() functions, enabling you to generate signed request headers directly in rule expressions. These functions support common patterns like constructing a canonical string from request attributes, computing a SHA256 digest, and Base64-encoding the result. New functions Function Description Availability encode_base64(input, flags) Encodes a string to Base64 format. Optional flags [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-178","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/178","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/comments?post=178"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/178\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/media?parent=178"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/categories?post=178"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/tags?post=178"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}