{"id":186,"date":"2026-01-27T00:00:00","date_gmt":"2026-01-27T00:00:00","guid":{"rendered":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/01\/27\/rules-control-request-and-response-body-buffering-in-configuration-rules\/"},"modified":"2026-01-27T00:00:00","modified_gmt":"2026-01-27T00:00:00","slug":"rules-control-request-and-response-body-buffering-in-configuration-rules","status":"publish","type":"post","link":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/01\/27\/rules-control-request-and-response-body-buffering-in-configuration-rules\/","title":{"rendered":"Rules &#8211; Control request and response body buffering in Configuration Rules"},"content":{"rendered":"<p>You can now control how Cloudflare buffers HTTP request and response bodies using two new settings in <a href=\"https:\/\/developers.cloudflare.com\/rules\/configuration-rules\/\">Configuration Rules<\/a>.<\/p>\n<h4>Request body buffering<\/h4>\n<p>Controls how Cloudflare buffers HTTP request bodies before forwarding them to your origin server:<\/p>\n<table>\n<thead>\n<tr>\n<th>Mode<\/th>\n<th>Behavior<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Standard<\/strong> (default)<\/td>\n<td>Cloudflare can inspect a prefix of the request body for enabled functionality such as WAF and Bot Management.<\/td>\n<\/tr>\n<tr>\n<td><strong>Full<\/strong><\/td>\n<td>Buffers the entire request body before sending to origin.<\/td>\n<\/tr>\n<tr>\n<td><strong>None<\/strong><\/td>\n<td>No buffering \u2014 the request body streams directly to origin without inspection.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4>Response body buffering<\/h4>\n<p>Controls how Cloudflare buffers HTTP response bodies before forwarding them to the client:<\/p>\n<table>\n<thead>\n<tr>\n<th>Mode<\/th>\n<th>Behavior<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Standard<\/strong> (default)<\/td>\n<td>Cloudflare can inspect a prefix of the response body for enabled functionality.<\/td>\n<\/tr>\n<tr>\n<td><strong>None<\/strong><\/td>\n<td>No buffering \u2014 the response body streams directly to the client without inspection.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<aside>\n<p>Warning<\/p>\n<div>\n<p>Setting body buffering to <strong>None<\/strong> may break security functionality that requires body inspection, including the Web Application Firewall (WAF) and Bot Management. Ensure that any paths where you disable buffering do not require security inspection.<\/p>\n<\/div>\n<\/aside>\n<aside>\n<p>Availability<\/p>\n<div>\n<p>These settings only take effect on zones running Cloudflare&#8217;s <a href=\"https:\/\/blog.cloudflare.com\/20-percent-internet-upgrade\/\" target=\"_blank\">latest CDN proxy<\/a>. Enterprise customers can contact their account team to enable the latest proxy on their zones.<\/p>\n<\/div>\n<\/aside>\n<h4>API example<\/h4>\n<div>\n<figure>\n<pre data-language=\"json\"><code class=\"language-json\"><div><div><span>{<\/span><\/div><\/div><div><div><span>  <\/span><span>\"<\/span><span>action<\/span><span>\"<\/span><span>:<\/span><span> <\/span><span>\"set_config\"<\/span><span>,<\/span><\/div><\/div><div><div><span>  <\/span><span>\"<\/span><span>action_parameters<\/span><span>\"<\/span><span>:<\/span><span> <\/span><span>{<\/span><\/div><\/div><div><div><span>    <\/span><span>\"<\/span><span>request_body_buffering<\/span><span>\"<\/span><span>:<\/span><span> <\/span><span>\"standard\"<\/span><span>,<\/span><\/div><\/div><div><div><span>    <\/span><span>\"<\/span><span>response_body_buffering<\/span><span>\"<\/span><span>:<\/span><span> <\/span><span>\"none\"<\/span><\/div><\/div><div><div><span>  <\/span><span>}<\/span><\/div><\/div><div><div><span>}<\/span><\/div><\/div><\/code><\/pre>\n<div><\/div>\n<\/figure>\n<\/div>\n<p>For more information, refer to <a href=\"https:\/\/developers.cloudflare.com\/rules\/configuration-rules\/\">Configuration Rules<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>You can now control how Cloudflare buffers HTTP request and response bodies using two new settings in Configuration Rules. Request body buffering Controls how Cloudflare buffers HTTP request bodies before forwarding them to your origin server: Mode Behavior Standard (default) Cloudflare can inspect a prefix of the request body for enabled functionality such as WAF [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-186","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/comments?post=186"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/186\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/media?parent=186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/categories?post=186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/tags?post=186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}