All Products
Search
Document Center

Edge Security Acceleration:Functions

Last Updated:May 27, 2026

The ESA rule language provides transform functions that manipulate and validate values extracted from HTTP requests.

Supported transform functions

concat

Concatenates strings.

  • Format: concat(String | Integer | Bytes | Array elements):String.

  • Logic: Concatenates a comma-separated list of values into a single string.

  • Examples:

    • concat("String1"," ","String",2) returns "String1 String2".

    • concat("/archive",http.request.uri.path) prepends the path segment "/archive" to the URI path.

    • concat("userid=123&",http.request.uri.query) prepends the key-value pair "userid=123" to the URI query string.

    • concat("https://www.example.com",http.request.uri.path) combines a new hostname with the original request path to generate a new URL.

ends_with

Checks whether a string ends with a specified substring.

  • Format: ends_with(source String,substring String):Boolean.

  • Logic:

    • Returns true if source String ends with substring String. Otherwise, it returns false.

    • source String must be a field. It cannot be a literal string. For example, do not write ends_with("foo.html",".html").

  • Example: If http.request.uri.path is "/welcome.html", then ends_with(http.request.uri.path,".html") returns true.

lower

Converts a string to lowercase.

  • Format: lower(String):String

  • Logic: Converts a field string value to lowercase. Only uppercase ASCII bytes are converted; all other bytes remain unchanged.

  • Example: If http.host is "WWW.example.com", then lower(http.host)=="www.example.com" returns true.

regex_replace

Replaces substrings that match a regular expression pattern.

  • Format: regex_replace(source String,regular_expression String,replacement String):String.

  • Logic:

    • Replaces the first substring matching the regular expression with the replacement string.

    • By default, matching is case-sensitive.

    • Only the first match is replaced, even if multiple matches exist in the source string.

    • You can escape a $ character in the replacement string by prefixing it with another $ character.

    • The replacement string can contain references to regular expression capturing groups using the format ${<NUMBER>}, where <NUMBER> is the number of the capturing group. Up to eight such references are supported, such as ${1} and ${2}.

  • Examples:

    • Static character match and replacement:

      • Successful string match: regex_replace("/animal/cat","/cat$","/dog")=="/animal/dog".

      • If no match is found, the source string remains unchanged:

        • Different strings: regex_replace("/x","^/y$","/z")=="/x".

        • Case-sensitive strings: regex_replace("/cat","^/CAT$","/dog")=="/cat".

      • When multiple matches exist, only the first is replaced: regex_replace("/a/a","/a","/b")=="/b/a".

      • Escaping the $ character in the replacement string: regex_replace("/b","^/b$","/b$$")=="/b$".

      • Using capturing groups in the replacement string: regex_replace("/foo/a/path","^/foo/([^/]*)/(.*)$","/bar/${2}/${1}")=="/bar/path/a".

    • Dynamic field match and replacement:

      • The source string uses a dynamic field to retrieve the path information from the client request. This example replaces /cat/ in the path with /dog/: regex_replace(http.request.uri.path,"/cat/(.*)$","/dog/${1}").

      • Complex replacement example: Replaces each + character in the original request path with the string %2B: regex_replace(http.request.uri.path, "^([^+]*)\\+([^+]*)\\+(.*)$", "${1}%2B${2}%2B${3}").

starts_with

Checks whether a string starts with a specified substring.

  • Format: starts_with(source String,substring String):Boolean

  • Logic:

    • Returns true if source String starts with substring String. Otherwise, it returns false.

    • source String must be a field. It cannot be a literal string. For example, do not write starts_with("foo.html",".html").

  • Example: If http.request.uri.path is "/welcome.html", then starts_with(http.request.uri.path,".html") returns true.

to_string

Converts a value to its string representation.

  • Format: to_string(Integer | Boolean | IP address):String.

  • Logic: Returns the string representation of an Integer, Boolean, or IP address value.

  • Examples:

    • If the result of ip.src.asnum is 15169, then to_string(ip.src.asnum) returns "15169".

    • If the result of ssl is true, then to_string(ssl) returns "true".

    • If the result of ip.src is 192.168.0.1, then to_string(ip.src) returns "192.168.0.1".

upper

Converts a string to uppercase.

  • Format: upper(String):String.

  • Logic: Converts a field string value to uppercase. Only lowercase ASCII bytes are converted; all other bytes remain unchanged.

  • Example: If http.host is "www.example.com", then upper(http.host) returns "WWW.EXAMPLE.COM".

wildcard_replace

Replaces substrings that match a wildcard pattern.

  • Format: wildcard_replace(source Bytes,wildcard_pattern Bytes,replacement Bytes,flags Bytes optional):String

  • Logic:

    • Matches the source string against a pattern containing zero or more * wildcards, replaces the matched portion with the replacement string, and returns the result. The replacement string can contain references to wildcard capturing groups, such as ${1} and ${2}. Up to eight replacement references are supported.

    • If there is no match, the function returns the original source string.

    • The source parameter must be a field, not a literal string. The entire source value must match the wildcard_pattern parameter — partial matches are not supported.

    • To enter a literal * character in the wildcard_pattern parameter, you must escape it with \*. You must also escape the \ character with \\. Two unescaped * characters in a row, such as **, are invalid and cannot be used. To perform character escaping, use raw string syntax for the wildcard_pattern parameter.

    • To enter a literal $ character in the replacement parameter, you must escape it with $$.

    • To perform a case-sensitive wildcard match, set the flags parameter to s.

    • This function uses lazy matching — each * matches the shortest possible string.

  • Examples:

    • If the full URI is https://apps.example.com/calendar/admin?expand=true, the expression wildcard_replace(http.request.full_uri,"https://*.example.com/*/*","https://example.com/${1}/${2}/${3}") returns https://example.com/apps/calendar/admin?expand=true.

    • If the full URI is https://example.com/applications/app1, the expression wildcard_replace(http.request.full_uri,"/applications/*","/apps/${1}") returns https://example.com/applications/app1 unchanged because the pattern must match the full URI. Use http.request.uri.path for path-only matching.

    • If the URI path is /calendar, the expression wildcard_replace(http.request.uri.path,"/*","/apps/${1}") returns /apps/calendar.

    • If the URI path is /Apps/calendar, the expression wildcard_replace(http.request.uri.path,"/apps/*","/${1}") returns /calendar. The match is case-insensitive by default.

    • If the URI path is /Apps/calendar, the expression wildcard_replace(http.request.uri.path,"/apps/*","/${1}","s") returns /Apps/calendar. The flags parameter is set to s to enable case-sensitive matching. Because the pattern does not match the original URI path, the result is unchanged.

    • If the URI path is /apps/calendar/login, the expression wildcard_replace(http.request.uri.path,"/apps/*/login","/${1}/login") returns /calendar/login.