All Products
Search

This Product

    Edge Security Acceleration:Functions

    Document Center

    Edge Security Acceleration:Functions

    Last Updated:Feb 12, 2026

    ESA rule provides functions to operate on and validate values in expressions. These include transform functions, which operate on values retrieved from HTTP requests.

    Transform functions supported by the rule

    concat

    Concatenates strings.

    • Format: concat(String | Integer | Bytes | Array elements):String.

    • Logic: Accepts a comma-separated list of values and concatenates them into a single string.

    • Examples:

      • concat("String1"," ","String",2) returns "String1 String2".

      • concat("/archive",http.request.uri.path) prepends the path segment "/archive" to the URI path.

      • concat("userid=123&",http.request.uri.query) prepends the key-value pair "userid=123" to the URI query string.

      • concat("https://www.example.com",http.request.uri.path) combines a new hostname with the original request path to generate a new URL.

    ends_with

    The string ends here.

    • Format: ends_with(source String,substring String):Boolean.

    • Logic:

      • Returns true if source String ends with substring String. Otherwise, it returns false.

      • source String must be a field. It cannot be a literal string. For example, do not write ends_with("foo.html",".html").

    • Example: If http.request.uri.path is "/welcome.html", then ends_with(http.request.uri.path,".html") returns true.

    lower

    Converts a string to lowercase.

    • Format: lower(String):String

    • Logic: Converts the string output of a field to lowercase. Only uppercase ASCII characters are converted. All other characters remain unchanged.

    • Example: If http.host is "WWW.example.com", then lower(http.host)=="www.example.com" returns true.

    regex_replace

    Replaces substrings that match a regular expression pattern.

    • Format: regex_replace(source String,regular_expression String,replacement String):String.

    • Processing logic:

      • Replaces the first occurrence of the substring that matches the regular expression with the replacement string and returns the result.

      • By default, matching is case-sensitive.

      • Only the first match is replaced, even if multiple matches exist in the source string.

      • You can escape a $ character in the replacement string by prefixing it with another $ character.

      • The replacement string can contain references to regular expression capturing groups using the format ${<NUMBER>}, where <NUMBER> is the number of the capturing group. Up to eight such references are supported, such as ${1} and ${2}.

    • Examples:

      • Static character match and replacement:

        • Successful string match: regex_replace("/animal/cat","/cat$","/dog")=="/animal/dog".

        • If no match is found, the source string remains unchanged:

          • Different strings: regex_replace("/x","^/y$","/z")=="/x".

          • Case-sensitive strings: regex_replace("/cat","^/CAT$","/dog")=="/cat".

        • When multiple matches exist, only the first is replaced: regex_replace("/a/a","/a","/b")=="/b/a".

        • Escaping the $ character in the replacement string: regex_replace("/b","^/b$","/b$$")=="/b$".

        • Using capturing groups in the replacement string: regex_replace("/foo/a/path","^/foo/([^/]*)/(.*)$","/bar/${2}/${1}")=="/bar/path/a".

      • Dynamic field match and replacement:

        • The source string uses a dynamic field to retrieve the path information from the client request. This example replaces /cat/ in the path with /dog/: regex_replace(http.request.uri.path,"/cat/(.*)$","/dog/${1}").

        • Complex replacement example: Replaces each + character in the original request path with the string %2B: regex_replace(http.request.uri.path, "^([^+]*)\\+([^+]*)\\+(.*)$", "${1}%2B${2}%2B${3}").

    starts_with

    Starts with

    • Format: starts_with(source String,substring String):Boolean

    • Logic:

      • Returns true if source String starts with substring String. Otherwise, it returns false.

      • source String must be a field. It cannot be a literal string. For example, do not write starts_with("foo.html",".html").

    • Example: If http.request.uri.path is "/welcome.html", then starts_with(http.request.uri.path,".html") returns true.

    to_string

    String output.

    • Format: to_string(Integer | Boolean | IP address):String.

    • Logic: Returns the string representation of an Integer, Boolean, or IP address value.

    • Examples:

      • If the result of ip.src.asnum is 15169, then to_string(ip.src.asnum) returns "15169".

      • If the result of ssl is true, then to_string(ssl) returns "true".

      • If the result of ip.src is 192.168.0.1, then to_string(ip.src) returns "192.168.0.1".

    upper

    Converts a string to uppercase.

    • Format: upper(String):String.

    • Logic: Converts the string output of a field to uppercase. Only lowercase ASCII characters are converted. All other bytes remain unchanged.

    • Example: If http.host is "www.example.com", then upper(http.host) returns "WWW.EXAMPLE.COM".

    wildcard_replace

    String matching using wildcard characters.

    • Format: wildcard_replace(source Bytes,wildcard_pattern Bytes,replacement Bytes,flags Bytes optional):String

    • Logic:

      • Matches the source string against a pattern containing zero or more * wildcard characters. It replaces the matched portion with the replacement string and returns the result. The replacement string can contain references to wildcard capturing groups, such as ${1} and ${2}. A maximum of eight replacement references are supported.

      • If there is no match, the function returns the original source string.

      • The source parameter must be a field, not a literal string. In addition, the entire `source` value must match the `wildcard_pattern` parameter. It cannot match only a part of the field value.

      • To enter a literal * character in the wildcard_pattern parameter, you must escape it with \*. You must also escape the \ character with \\. Two unescaped * characters in a row, such as **, are invalid and cannot be used. To perform character escaping, use raw string syntax for the wildcard_pattern parameter.

      • To enter a literal $ character in the replacement parameter, you must escape it with $$.

      • To perform a case-sensitive wildcard match, set the flags parameter to s.

      • This function uses lazy matching. Each * metacharacter matches the shortest possible string.

    • Examples:

      • If the full URI is https://apps.example.com/calendar/admin?expand=true, the expression wildcard_replace(http.request.full_uri,"https://*.example.com/*/*","https://example.com/${1}/${2}/${3}") returns https://example.com/apps/calendar/admin?expand=true.

      • If the full URI is https://example.com/applications/app1, the expression wildcard_replace(http.request.full_uri,"/applications/*","/apps/${1}") returns https://example.com/applications/app1. The value is unchanged because the wildcard expression did not match the full URI. Use the http.request.uri.path field for URI path matching.

      • If the URI path is /calendar, the expression wildcard_replace(http.request.uri.path,"/*","/apps/${1}") returns /apps/calendar.

      • If the URI path is /Apps/calendar, the expression wildcard_replace(http.request.uri.path,"/apps/*","/${1}") returns /calendar. The match is case-insensitive by default.

      • If the URI path is /Apps/calendar, the expression wildcard_replace(http.request.uri.path,"/apps/*","/${1}","s") returns /Apps/calendar. The flags parameter is set to s to enable case-sensitive matching. Because the pattern does not match the original URI path, the result is unchanged.

      • If the URI path is /apps/calendar/login, the expression wildcard_replace(http.request.uri.path,"/apps/*/login","/${1}/login") returns /calendar/login.