
Web Application Firewall:Match conditions

Last Updated: Feb 20, 2024

When you configure a whitelist rule, a custom rule, or a bot management rule, you must configure match conditions for the rule to specify the characteristics of the requests that you want Web Application Firewall (WAF) to detect. This topic describes the fields that you can use in match conditions.

Introduction to match conditions

You can use match conditions to specify the characteristics of the requests that you want WAF to detect. You must configure match conditions when you configure a whitelist rule, custom rule, or bot management rule. If a request matches the match conditions that you specified in a protection rule, WAF performs the action that is specified in the rule on the request. The action can be Allow, Block, or JavaScript Validation.

A match condition consists of a match field, a logical operator, and match content. Examples:

  • Example 1: If you set Match Field to URI, Logical Operator to Contains, and Match Content to /login.php, the rule is matched when a Uniform Resource Identifier (URI) contains /login.php.

  • Example 2: If you set Match Field to IP, Logical Operator to Belongs To, and Match Content to 192.XX.XX.1, the rule is matched when a request is sent from a client whose IP address is 192.XX.XX.1.

Important

If the content of requests is encoded by using URL, HTML, or Unicode encoding, WAF decodes the content and then processes the requests.
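The two examples above and the decoding note can be exercised with a small evaluator. The following Python is an added illustration written for this page, not WAF's implementation: the request is a plain dict keyed by the match field names from this topic, the operator names follow the table below, and it assumes that the conditions of one rule are combined with AND and that text fields are decoded before matching (only URL and \uXXXX decoding are implemented here; the real decoding order is not documented in this topic). The sample requests and the 192.0.2.0/24 and 198.51.100.0/24 addresses are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

# Added example: a minimal evaluator for match conditions of the shape
# (match field, logical operator, match content). Everything here is a
# constructed illustration, not WAF's own code.

def decode_content(value):
    """Undo URL (%xx) and \\uXXXX encoding before matching, as the note above
    describes. Decoding repeats until the value is stable so that double-encoded
    input (%252F) also unwraps. HTML-entity decoding is omitted for brevity
    (assumption: WAF's real decoding order is not documented here)."""
    prev = None
    while prev != value:
        prev = value
        value = unquote(value)
        value = re.sub(r"\\u([0-9a-fA-F]{4})",
                       lambda m: chr(int(m.group(1), 16)), value)
    return value

def _in_any_network(addr, networks):
    # A bare address such as 192.0.2.1 is treated as a /32 (or /128) network.
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)

# Logical operators keyed by the names used in the table of this topic.
# `v` is the decoded field value (str); `c` is the match content (str or list).
OPERATORS = {
    "Equals": lambda v, c: v == c,
    "Does Not Equal": lambda v, c: v != c,
    "Equals One of Multiple Values": lambda v, c: v in c,
    "Does Not Equal Any Value": lambda v, c: v not in c,
    "Contains": lambda v, c: c in v,
    "Does Not Contain": lambda v, c: c not in v,
    "Contains One of Multiple Values": lambda v, c: any(x in v for x in c),
    "Does Not Contain Any Value": lambda v, c: not any(x in v for x in c),
    "Length Equal To": lambda v, c: len(v) == int(c),
    "Length Greater Than": lambda v, c: len(v) > int(c),
    "Length Less Than": lambda v, c: len(v) < int(c),
    "Prefix Match": lambda v, c: v.startswith(c),
    "Suffix Match": lambda v, c: v.endswith(c),
    "Regular Expression Match": lambda v, c: re.search(c, v) is not None,
    "Regular Expression Mismatch": lambda v, c: re.search(c, v) is None,
    "Belongs To": lambda v, c: _in_any_network(v, c),
    "Does Not Belong To": lambda v, c: not _in_any_network(v, c),
    "Empty": lambda v, c: v == "",
}

def evaluate_condition(request, field, operator, content=None):
    """Return True if one match condition holds for the request."""
    value = request.get(field)
    # Presence operators only ask whether the field was sent at all.
    if operator == "Exists":
        return value is not None
    if operator == "Does Not Exist":
        return value is None
    if value is None:
        return False
    # IP fields are compared as addresses; text fields are decoded first.
    if field not in ("IP", "X-Forwarded-For"):
        value = decode_content(value)
    return OPERATORS[operator](value, content)

def evaluate_rule(request, conditions, action):
    """A rule fires when every one of its conditions matches (assumption: the
    conditions of one rule are combined with AND). Returns the rule action, or
    None when the request does not match."""
    if all(evaluate_condition(request, f, op, c) for f, op, c in conditions):
        return action
    return None

# Constructed sample requests using reserved documentation addresses.
PLAIN = {"URI": "/login.php?user=alice", "IP": "198.51.100.7"}
ENCODED = {"URI": "/%6cogin%2ephp", "IP": "192.0.2.77"}  # same path, URL-encoded
OTHER = {"URI": "/static/logo.png", "IP": "192.0.2.77"}

# Example 1 and Example 2 from this topic combined into one rule.
LOGIN_FROM_RANGE = [
    ("URI", "Contains", "/login.php"),
    ("IP", "Belongs To", ["192.0.2.0/24"]),
]

if __name__ == "__main__":
    for req in (PLAIN, ENCODED, OTHER):
        print(req["URI"], "->", evaluate_rule(req, LOGIN_FROM_RANGE, "Block"))
```

The ENCODED request shows why the decoding step matters: without it, a rule whose match content is /login.php would not see the URL-encoded path /%6cogin%2ephp, and the request would pass the condition unmatched.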

Supported match fields

The following table describes the match fields that are supported in match conditions.

Match field

Description

Supported logical operator

URI

The URI of the request. The URI indicates the requested resource. In most cases, a URI consists of a path and a query string.

The match content must start with a forward slash (/) and cannot contain a domain name. Example: /login.php.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Length Equal To, Length Greater Than, and Length Less Than

  • Prefix Match and Suffix Match

  • Regular Expression Match and Regular Expression Mismatch

    Important

    Custom rules that use the regular expression operators are considered advanced rules. The billing rules of advanced rules differ from those of basic rules. For more information, see the "Billable items" section in the Billing overview topic.

IP

The source IP address of the request.

You can specify the IP address based on the following requirements:

  • You can enter IPv4 addresses, such as 1.XX.XX.1, and IPv6 addresses, such as 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff.

  • You can enter CIDR blocks, such as 1.XX.XX.1/16.

  • You must press the Enter key each time you enter an IP address.

  • You can enter up to 100 IP addresses.

  • Belongs To and Does Not Belong To

Note

You can enter up to 100 IP addresses or CIDR blocks for a single protection rule. For example, if a protection rule has two match conditions whose match field is IP, you can enter up to 100 IP addresses or CIDR blocks in the match content of the conditions. Separate multiple IP addresses or CIDR blocks with commas (,).

Referer

The URL of the source page from which the request was sent, as carried in the Referer header.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Exists and Does Not Exist

  • Empty

  • Length Equal To, Length Greater Than, and Length Less Than

  • Prefix Match and Suffix Match

  • Regular Expression Match and Regular Expression Mismatch

    Important

    Custom rules that use the regular expression operators are considered advanced rules. The billing rules of advanced rules differ from those of basic rules. For more information, see the "Billable items" section in the Billing overview topic.

User-Agent

The browser information of the client that sends the request. The information includes the browser, rendering engine, and version.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Exists and Does Not Exist

  • Empty

  • Length Equal To, Length Greater Than, and Length Less Than

  • Prefix Match and Suffix Match

  • Regular Expression Match and Regular Expression Mismatch

    Important

    Custom rules that use the regular expression operators are considered advanced rules. The billing rules of advanced rules differ from those of basic rules. For more information, see the "Billable items" section in the Billing overview topic.

Query String

The query string in the request. The query string is the part that follows the question mark (?) in the URL.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Exists and Does Not Exist

  • Length Equal To, Length Greater Than, and Length Less Than

  • Prefix Match and Suffix Match

  • Regular Expression Match and Regular Expression Mismatch

    Important

    Custom rules that use the regular expression operators are considered advanced rules. The billing rules of advanced rules differ from those of basic rules. For more information, see the "Billable items" section in the Billing overview topic.

Cookie

The cookie information in the request.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Exists and Does Not Exist

  • Length Equal To, Length Greater Than, and Length Less Than

  • Regular Expression Match and Regular Expression Mismatch

    Important

    Custom rules that use the regular expression operators are considered advanced rules. The billing rules of advanced rules differ from those of basic rules. For more information, see the "Billable items" section in the Billing overview topic.

Content-Type

The HTTP content type that is specified for the response. The HTTP content type is known as the Multipurpose Internet Mail Extensions (MIME) type.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Length Equal To, Length Greater Than, and Length Less Than

  • Regular Expression Match and Regular Expression Mismatch

    Important

    Custom rules that use the regular expression operators are considered advanced rules. The billing rules of advanced rules differ from those of basic rules. For more information, see the "Billable items" section in the Billing overview topic.

Content-Length

The number of bytes that are included in the response. Valid values: 0 to 8192.

  • Equals, Value Greater Than, and Value Less Than

X-Forwarded-For

The originating IP address. The HTTP X-Forwarded-For (XFF) header is used to identify the originating IP address of the request that is forwarded by an HTTP proxy or a Server Load Balancer (SLB) instance. The XFF header is included only in requests that are forwarded by an HTTP proxy or an SLB instance.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains and Does Not Contain

  • Does Not Exist

  • Length Equal To, Length Greater Than, and Length Less Than

Body

The content of the request.

Important

A custom rule that uses this match field is considered an advanced rule. The billing rules of advanced rules are different from the billing rules of basic rules. For more information, see the "Billable items" section in the Overview topic.

  • Equals and Does Not Equal

  • Contains and Does Not Contain

  • Does Not Exist

  • Prefix Match and Suffix Match

  • Regular Expression Match

Http-Method

The request method. Valid values: GET, POST, DELETE, PUT, OPTIONS, CONNECT, HEAD, TRACE, and PATCH.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

Header

The request header. Custom headers are supported.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Exists and Does Not Exist

  • Length Equal To, Length Greater Than, and Length Less Than

  • Regular Expression Match and Regular Expression Mismatch

    Important

    Custom rules that use the regular expression operators are considered advanced rules. The billing rules of advanced rules differ from those of basic rules. For more information, see the "Billable items" section in the Billing overview topic.

URI Path

The URI path of the request.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Length Equal To, Length Greater Than, and Length Less Than

  • Prefix Match and Suffix Match

  • Regular Expression Match and Regular Expression Mismatch

    Important

    Custom rules that use the regular expression operators are considered advanced rules. The billing rules of advanced rules differ from those of basic rules. For more information, see the "Billable items" section in the Billing overview topic.

Query String Parameter

The names of the request parameters. The request parameters are carried in the part that follows the question mark (?) in the URL of the request. For example, param1 and param2 in www.aliyundoc.com/request_path?param1=a&param2=b are request parameters.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Exists and Does Not Exist

  • Empty

  • Length Equal To, Length Greater Than, and Length Less Than

  • Prefix Match and Suffix Match

Server-Port

The port of the server.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

File Extension

The file name extension of the requested file. Examples: .png and .php.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Exists and Does Not Exist

  • Empty

  • Length Equal To, Length Greater Than, and Length Less Than

  • Prefix Match and Suffix Match

  • Regular Expression Match and Regular Expression Mismatch

    Important

    Custom rules that use the regular expression operators are considered advanced rules. The billing rules of advanced rules differ from those of basic rules. For more information, see the "Billable items" section in the Billing overview topic.

Filename

The file name at the end of the URI path. For example, index.php in /abc/index.php is the file name.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Exists and Does Not Exist

  • Empty

  • Length Equal To, Length Greater Than, and Length Less Than

  • Prefix Match and Suffix Match

  • Regular Expression Match and Regular Expression Mismatch

    Important

    Custom rules that use the regular expression operators are considered advanced rules. The billing rules of advanced rules differ from those of basic rules. For more information, see the "Billable items" section in the Billing overview topic.

Host

The requested domain name.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Exists and Does Not Exist

  • Empty

  • Length Equal To, Length Greater Than, and Length Less Than

  • Prefix Match and Suffix Match

  • Regular Expression Match and Regular Expression Mismatch

    Important

    Custom rules that use the regular expression operators are considered advanced rules. The billing rules of advanced rules differ from those of basic rules. For more information, see the "Billable items" section in the Billing overview topic.

Cookie Name

The key of the cookie. For example, acw_tc in acw_tc:111 is the key of the cookie.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Exists and Does Not Exist

  • Empty

  • Length Equal To, Length Greater Than, and Length Less Than

  • Prefix Match and Suffix Match

  • Regular Expression Match

    Important

    Custom rules that use the regular expression operators are considered advanced rules. The billing rules of advanced rules differ from those of basic rules. For more information, see the "Billable items" section in the Billing overview topic.

Body Parameter

The names of the parameters in the request body. For example, if the request body contains a=1&b=2, a and b are parameter names.

Important

A custom rule that uses this match field is considered an advanced rule. The billing rules of advanced rules are different from the billing rules of basic rules. For more information, see the "Billable items" section in the Overview topic.

  • Equals, Does Not Equal, Equals One of Multiple Values, and Does Not Equal Any Value

  • Contains, Does Not Contain, Contains One of Multiple Values, and Does Not Contain Any Value

  • Exists and Does Not Exist

  • Empty

  • Length Equal To, Length Greater Than, and Length Less Than

  • Prefix Match and Suffix Match

  • Regular Expression Match

    Important

    Custom rules that use the regular expression operators are considered advanced rules. The billing rules of advanced rules differ from those of basic rules. For more information, see the "Billable items" section in the Billing overview topic.
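Several match fields in the table are derived from other parts of the request rather than read from a single header: URI Path and Query String from the request target, Query String Parameter and Body Parameter from the parameter lists, Filename and File Extension from the last path segment, Cookie Name from the Cookie header, and Host and Server-Port from the Host header. The following Python parser is an added example for this page, not WAF's implementation; it shows one reasonable way to derive every field in the table from a raw HTTP/1.1 request. The sample request reuses the values quoted in the table (www.aliyundoc.com, /abc/index.php, param1=a&param2=b, acw_tc, a=1&b=2) and is otherwise constructed; Server-Port is taken from the Host header only, and Body Parameter is extracted only for form-encoded bodies (both assumptions).

```python
import posixpath
from urllib.parse import parse_qsl, urlsplit

# Added example: derive the match fields listed in this topic from a raw
# HTTP/1.1 request. Constructed illustration, not WAF's own parser.

def extract_match_fields(raw):
    """Return a dict keyed by match field name. Fields that the request does
    not carry are None, so that Exists / Does Not Exist can be evaluated;
    fields that are present but blank are "" (the Empty operator)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)

    # Header names are case-insensitive; keep the first occurrence only.
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())

    parts = urlsplit(target)
    path, query = parts.path, parts.query
    filename = posixpath.basename(path)        # "" for a path ending in "/"
    _, extension = posixpath.splitext(filename)

    cookie_header = headers.get("cookie")
    cookie_names = None
    if cookie_header is not None:
        cookie_names = [c.split("=", 1)[0].strip()
                        for c in cookie_header.split(";") if c.strip()]

    host_header = headers.get("host")
    hostname = port = None
    if host_header is not None:
        hostname, _, port = host_header.partition(":")
        port = port or None  # assumption: no default port is inferred

    content_type = headers.get("content-type", "")
    body_params = None
    if body:
        # Assumption: only form-encoded bodies carry named parameters here.
        if content_type.startswith("application/x-www-form-urlencoded"):
            body_params = [k for k, _ in parse_qsl(body, keep_blank_values=True)]
        else:
            body_params = []

    return {
        "Http-Method": method,
        "URI": target,
        "URI Path": path,
        "Query String": query if "?" in target else None,
        "Query String Parameter": [k for k, _ in parse_qsl(query, keep_blank_values=True)],
        "Filename": filename,
        "File Extension": extension,
        "Host": hostname,
        "Server-Port": port,
        "Referer": headers.get("referer"),
        "User-Agent": headers.get("user-agent"),
        "Content-Type": headers.get("content-type"),
        "Content-Length": headers.get("content-length"),
        "X-Forwarded-For": headers.get("x-forwarded-for"),
        "Cookie": cookie_header,
        "Cookie Name": cookie_names,
        "Header": headers,
        "Body": body or None,
        "Body Parameter": body_params,
    }

# Constructed sample request built from the values quoted in the table.
RAW_REQUEST = (
    "POST /abc/index.php?param1=a&param2=b HTTP/1.1\r\n"
    "Host: www.aliyundoc.com\r\n"
    "User-Agent: Mozilla/5.0 (constructed)\r\n"
    "Cookie: acw_tc=111; session=abc\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 7\r\n"
    "\r\n"
    "a=1&b=2"
)

# A second constructed request with no file name, no query string and no cookies.
RAW_DIRECTORY_GET = "GET /abc/ HTTP/1.1\r\nHost: www.aliyundoc.com:8080\r\n\r\n"

if __name__ == "__main__":
    for name, value in extract_match_fields(RAW_REQUEST).items():
        print(f"{name}: {value!r}")
```

The distinction between None and "" is what makes Exists, Does Not Exist and Empty behave differently: a GET to /abc/ has a Filename that is present but empty, while its Cookie Name list does not exist at all because no Cookie header was sent.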