The rules engine allows you to follow the same syntax and logic to create and deploy various rules, such as cache rules, redirect rules, compression rules, origin rules, and Web Application Firewall (WAF) protection rules.
Overview
With the rules engine in Edge Security Acceleration (ESA), you can create rules in a GUI. ESA checks whether to apply a specific configuration to incoming requests based on request parameters defined in the rules. This allows for more flexible and precise content distribution control.
Rule priorities
Rules on a specific aspect (such as browser cache TTL) take precedence over the global configuration for the aspect.
If a specific aspect (such as caching) has a list of rules, the rules apply from top to bottom in sequence. To change the priority of a specific rule in the rule list, change its order in the rule list.
Usage notes
A single rule condition cannot exceed 4 KB in size. The total size of all configuration information of a website, except for security configuration, cannot exceed 512 KB in size.
A rule condition supports a nested structure with a maximum depth of two levels. Each level supports separate logical operation settings.
A single rule condition can contain up to 20 match fields.
Description of the Apply to parameter
When you create a rule, the following options are available for the Apply to parameter:
All Requests: The created rule applies to all traffic on the website.
Filtered Requests: The created rule applies only to traffic that matches the custom expression. You can select this option to accurately filter requests.
Rule syntax
A rule condition consists of expressions and a logical operator.
Expression: used to filter requests with specific characteristics.
Logical operator: used to combine multiple expressions.
You can specify multiple expressions and combine them to filter requests based on your business requirements.
Logical operators
A logical operator connects expressions in a rule condition to perform a logical operation. The following logical operators are supported:
and: A rule condition is matched only if all expressions in the rule condition are true.
or: A rule condition is matched if one of the expressions in the rule condition is true.
Expressions
A simple expression contains parameters described in the following table.
Parameter | Corresponding syntax parameter | Description | Required |
Match field | Field | The match field. | Yes |
Match value | Value | The match value. | Yes |
Comparison operator | Comparison_operator | The comparison operator. | Yes |
Expression syntax
Simple expressions
Syntax: <field><comparison_operator><value>
Example: http.request.uri.path matches"/image\.(jpg|png)$"
Compound expressions
Definition: multiple expressions connected by logical operators
Syntax: <expreesion><logical_operator><expression>
Example: http.host eq "www.example.com" and http.request.uri.path eq "/content"
Match fields
The hostname (http.host) match field applies to SSL/TLS encryption rules and supports only the equals and does not equal operators.
Some Internet service providers (ISPs) may assign private IP addresses to clients in specific regions. In this case, POPs cannot accurately determine the country/region, IP source address, province, or ISP of the client as the received requests are sent from a private IP address. For more information, see How do I identify private CIDR blocks?
Match field | Description | Variable name in expression | Supported comparison operator | Match value |
Request Method | The method used by the request. | http.request.method |
| Valid values:
|
HTTP Version | The HTTP version used by the request. | http.request.version | Valid values:
| |
Country/Region | The country or region to which the client IP address belongs. | ip.geoip.country |
| |
File Name | The name of the file requested by the client. | http.request.uri.path.file_name |
| |
File Extension | The suffix of the name of the file requested by the client. | http.request.uri.path.extension |
| |
IP Source Address | The IP address of the client. | ip.src |
| |
SSL/HTTPS | The type of the protocol used by the request. | http.request.scheme |
| Valid values:
|
Hostname | The hostname contained in the request. Matching order: If hostnames are included in both the URL and the HOST header, the hostname in the request URL is used. | http.host |
|
|
URI | The path in the URL of the request. The value includes the request parameters. | http.request.uri |
| |
URI Full | The full Uniform Resource Identifier (URI) of the request. | http.request.full_uri |
| |
URI Path | The path in the URL of the request. The value excludes the request parameters. | http.request.uri.path |
| |
URI Query String | All request parameters in the URL of the request. | http.request.uri.query |
| |
URI Query String Parameter | The specified query parameters in the URL of the request. | http.request.uri.args["session"] |
| |
Cookie | The cookie contained in the request. | http.cookie |
|
|
User Agent | The client information contained in the request. | http.user_agent |
| |
Referer | The URL of the original web page from which the resource is requested. | http.referer |
| |
X-Forwarded-For | The value of the X-Forwarded-For header in the request. | http.x_forwarded_for |
| |
Header | The specified header in the request. | http.request.headers["session"] |
| |
Cookie Value Of | The specified cookie parameter in the request. | http.request.cookies["session"] |
| |
ISP | The ISP to which the client IP address belongs. | ip.src.isp |
| Valid values:
|
IP Protocol Version | The protocol version of the client IP address. | ip.src.version |
| Valid values:
|
Province | The first-level administrative subdivision of a country. | ip.src.subdivision_1_iso_code |
|
|
Load Balancer Region | The region where the load balancer resides. | ip.src.region_code |
|
|
Request Timestamp | The Unix timestamp that indicates when the request arrives at the POP. | http.request.timestamp.sec |
|
|
Comparison operators
Operator name | Operator | Negatable | Value type | Remarks |
equals | eq | No | string | / |
does not equal | ne | No | string | / |
contains | contains | Yes | string | The operator checks whether the specified string is contained. |
matches regex | matches | Yes | string | The operator checks for matches by regex. Only Business and Enterprise plans support the operator. |
is in | in | Yes | array | The expression is true if any of the specified elements is matched.
|
starts with | starts_with | Yes | string | / |
ends with | ends_with | Yes | string | / |
length less than | len-lt | No | integer | A match is found if the string length is less than the specified length condition. |
length equal to | len-eq | No | integer | A match is found if the string length is equal to the specified length condition. |
length greater than | len-gt | No | integer | A match is found if the string length is greater than the specified length condition. |
in list | in_list | Yes | integer | This operator is used on global lists that you create at the account level. |
exists | exists | Yes | bool | The operator checks if the specified key exists in key-pair values. For example, you can use this operator in rules based on headers, cookies, and query strings. |
greater than | gt | No | integer | The operator applies to rules where the values are integers. |
smaller than | lt | No | integer | The operator applies to rules where the values are integers. |
greater than or equal to | ge | No | integer | The operator applies to rules where the values are integers. |
smaller than or equal to | le | No | integer | The operator applies to rules where the values are integers. |
Wildcard characters
Wildcard character | Description |
| Matches one single character. |
| Matches any number of characters. |
Create expressions
By default, the expression builder is displayed for you to create expressions.
Use the expression builder
The expression builder allows you to quickly create expressions in an interactive way. However, you may need to switch to the expression editor when you create complicated expressions.
For example, if you want to create an expression based on the request method, select the expression components from the drop-down lists to have the expression builder to automatically create the expression.
Use the expression editor
The expression editor allows you to create more complicated expressions in a more flexible way.
Click Edit Expression.
In the editor, enter the expressions.