All Products
Search

This Product

    Edge Security Acceleration:Match fields

    Document Center

    Edge Security Acceleration:Match fields

    Last Updated:Mar 21, 2025

    Match fields provide multidimensional configuration options.

    Match fields are important in rule expressions. In addition to standard fields, dynamic fields that you can customize based on Edge Security Acceleration (ESA) are provided.

    Example: (http.host eq "example-1.com")

    Standard fields

    Standard fields include common fields in HTTP requests and in IP information.

    http.cookie

    The cookie used in a request.

    • Field name: Cookie

    • Type: String

    • Case-sensitive.

    • Empty string allowed in the match value.

    • Example:

      session=330688;background=light

    http.host

    The hostname used in a request.

    • Field name: Hostname

    • Type: String

    • Case-insensitive.

    • Empty string not allowed in the match value.

    • Example:

      ["www1.alibaba.com","www2.alibaba.com"]

    http.referer

    The URL of the source page of the current HTTP request.

    • Field name: Referer

    • Type: String

    • Case-insensitive.

    • Empty string allowed in the match value.

    • Example:

      http://refer.com.cn

    http.request.body.form

    The request data to be transmitted.

    • Field name: Body Query String

    • Type: String

    • Example:

      {"key": "value"}

    http.request.body.mime

    The Multipurpose Internet Mail Extensions (MIME) type of the request body.

    • Field name: MIME Type

    • Type: String

    • Example:

      application/json

    http.request.body.raw

    The raw content of the request body.

    • Field name: HTTP Request Body

    • Type: String

    • Example:

      {"key": "value"}

    http.request.cookies

    The cookies sent from the request client to the server.

    • Field name: Cookie Value

    • Type: String

    • Case-sensitive.

    • Empty string allowed in the match value.

    • Example:

      Value 330688 of the session parameter.

    http.request.full_uri

    The full Uniform Resource Identifier (URI) of the request, including the hostname and path.

    • Field name: Full URI

    • Type: String

    • Case-sensitive.

    • Empty string not allowed in the match value.

    • Example:

      htt­ps://www.example.org/articles/index?section=330688&expand=comments

    http.request.headers

    The HTTP headers contained in a request.

    • Field name: Header

    • Type: Object

    • Case-sensitive.

    • Empty string allowed in the match value.

    • Example:

      Value 330688 of the session parameter in a header.

    http.request.method

    The request method in a request.

    • Field name: Request Method

    • Type: Object

    • Example:

      method=GET

    http.request.timestamp.sec

    The timestamp (in seconds) of a request.

    • Field name: Request Timestamp

    • Type: Integer

    • UNIX time: (1735019278)

    • Example:

      1735019278 (13:47:58 on December 24, 2024)

    http.request.uri

    The URI used in a request.

    • Field name: URI

    • Type: String

    • Case-sensitive.

    • Empty string not allowed in the match value.

    • Example:

      /path/to/resource

    http.request.uri.args

    The parameter in a request URI.

    • Field name: URI Query String Parameter

    • Type: String

    • Case-sensitive.

    • Empty string allowed in the match value.

    • Example:

      session=330688

      Note

      You can specify a null value only when you select one of the following match operators:

      • equal to

      • not equal to

      • contains

      • matches regex

    http.request.uri.path

    The URI path in a request.

    • Field name: URI Path

    • Type: String

    • Case-sensitive.

    • Empty string not allowed in the match value.

    • Example:

      /articles/index

    http.request.uri.path.extension

    The file name extension in the URI path in a request.

    • Field name: File Name Extension

    • Type: String

    • Case-sensitive.

    • Empty string not allowed in the match value.

    • Example:

      bz2 is the extension of the foo.tar.bz2 file.

    http.request.uri.path.file_name

    The file name in the URI path in a request.

    • Field name: File Name

    • Type: String

    • Case-sensitive.

    • Empty string not allowed in the match value.

    • Example:

      resource

    http.request.uri.path.full_file_name

    The full file name in the URI path in a request.

    • Field name: Full File Name

    • Type: String

    • Case-sensitive.

    • Empty string not allowed in the match value.

    • Example:

      resource.html

    http.request.uri.query

    The URI query string in a request.

    • Field name: URI Query String

    • Type: String

    • Case-sensitive.

    • Empty string not allowed in the match value.

    • Example:

      section=330688&expand=comments

    http.request.version

    The HTTP version in a request.

    • Field name: HTTP Version

    • Type: String

    • Example:

      HTTP/2

    http.user_agent

    The User-Agent information in a request.

    • Field name: User Agent

    • Type: String

    • Case-sensitive.

    • Empty string allowed in the match value.

    • Example:

      curl/7.29.0

    http.x_forwarded_for

    The value of the header named x_forwarded_for carried in an HTTP request.

    • Field name: X-Forwarded-For

    • Type: String

    • Case-sensitive.

    • Empty string allowed in the match value.

    • Example:

      192.168.2.X192.168.1.X

    ip.geoip.asnum

    The autonomous system number (ASN) of the CIDR block to which the source IP address belongs. For more information, see What is ASN.

    • Field name: ASN

    • Type: String

    • Example:

      AS15169

    ip.geoip.continent

    The continent where the request source IP address is located.

    • Field name: Continent

    • Type: String

    • Example:

      Asia

    Continent name

    Continent code

    Africa

    AF

    Antarctica

    AN

    Asia

    AS

    Europe

    EU

    North America

    NA

    Oceania

    OC

    South America

    SA

    ip.geoip.country

    The country information about the request source IP address. For more information, see Introduction of the ISO 3166 standard.

    • Field name: Country or Region

    • Type: String

    • Case-insensitive.

    • Empty string not allowed in the match value.

    • Example:

      US

    ip.src

    The request source IP address.

    • Field name: Client IP

    • Type: String

    • Case-insensitive.

    • Empty string not allowed in the match value.

    • Example:

      192.0.2.1

    ip.src.isp

    The Internet service provider (ISP) of the request source IP address.

    • Field Name: ISP

    • Type: String

    • Example:

      Comcast

    ISP name

    ISP code

    China Telecom

    100017

    China Mobile

    100025

    China Unicom

    100026

    China Netcom

    100016

    China Tietong

    100020

    Great Wall Broadband

    100061

    China Education and Research Network (CERNET)

    100027

    China Broadcasting Network

    1000139

    Beijing Gehua CATV Network

    100080

    Dr.Peng Group

    1000143

    Alibaba

    100098

    Alibaba Cloud

    1000323

    Tencent

    1000401

    Baidu

    100099

    ChinaNetCenter

    100093

    ip.src.version

    The IP version of the request source IP address.

    • Field name: IP Version

    • Type: String

    • Example:

      IPv4

    ip.src.subdivision_1_iso_code

    The ISO code of the first-level subdivision area in the geographic location of the request source IP address. For more information, see Introduction of the ISO 3166 standard.

    • Field name: Province

    • Type: String

    • Case-sensitive.

    • Example: ID-JC (the Central Java province of Indonesia)

    ip.src.region_code

    The region code of the load balancer in the geographic location of the request source IP address.

    • Field name: Load Balancer Region

    • Type: String

    • Case-sensitive.

    • Example:

      East Asia (EAS)

    Region name

    Region code

    Eastern Europe

    EEU

    Western Europe

    WEU

    North America

    NAM

    South America

    SAM

    Middle East

    ME

    North Africa

    NAF

    South Africa

    SAF

    Oceania

    OC

    East Asia

    EAS

    Southeast Asia

    SEAS

    South Asia

    SAS

    Chinese Mainland

    CNM

    ssl

    Indicates whether to use the SSL or TLS protocol.

    • Field name: SSL/HTTPS

    • Type: Boolean

    • Example:

      true

    Extended fields

    Dynamic fields are custom fields provided by ESA in special scenarios.

    ali.static_resource

    Indicates whether the request is a static request.

    • Field name: Static Request

    • Type: Boolean

    • Example:

      true

    ali.tls_hash

    The request TLS hash value.

    • Field name: TLS Fingerprint

    • Type: String

    • Example:

      ABC123HASH

    ali.tls_client_auth.cert_verified

    The client certificate has been verified.

    • Field name: Client Certificate Verified

    • Type: Boolean

    • Example:

      true

    ali.js_detection.passed

    JavaScript verification has been passed.

    • Field name: JavaScript Verified

    • Type: Boolean

    • Example:

      true