All Products
Search

This Product

    Edge Security Acceleration:Work with rules

    Document Center

    Edge Security Acceleration:Work with rules

    Last Updated:Apr 30, 2025

    ESA employs rules as its core. You can configure rules using general syntax rules and filter conditions for features.

    Before you begin

    • If you configure a feature using both rule and global settings, the rule takes precedence for matching incoming requests.

    • The length of a single rule configuration (including the rule condition and feature configuration) can be up to 4 KB in size.

    • All configuration information, including global settings and rules, must not exceed a total size of 512 KB (excluding security rules).

    • The rule name must be 1 to 128 characters in length.

    Rule structure

    In ESA, a rule usually consists of a rule expression and an action.

    Rule expression

    Specifies the filter conditions for your request. A condition is composed of a match field, match operator, and match value.

    In the ESA console, the If requests match... section lists rule expressions. By default, Apply to > Filtered Requests is selected for you to quickly configure filter conditions.

    You can also select All Requests to apply the rule to all requests.

    image

    Note

    In the ESA console, you can also directly edit expressions.

    Action

    Specifies the action you want to take on requests that meet the filter conditions.

    In the Then execute... section in the ESA console, you can set up rules for desired features.

    image

    Filter conditions

    For a single expression

    Sometimes, a single filter condition may not be enough. The ESA rules support combining multiple conditions, using the following logical relationships:

    • AND: Click image to create an AND logical relationship.

      The following figure shows a rule expression, where the hostname and country/region are example-1.com and Chinese mainland, respectively.

    • OR: Click image to create an OR logical relationship.

      The following figure shows a rule expression, where the hostname is example-1.com or example-2.com. image

    Note

    The maximum number of conditions allowed in a rule expression depends on your plan type. For example, an Enterprise plan supports up to 20 conditions in a single expression.

    For a nested expression

    The ESA rules support nesting AND logical relationships within an OR relationship.

    For example, you can set the following filter conditions:

    • The hostname is example-1.com.

    • Or the hostname is example-2.com and the country/region is not the Chinese mainland.

    • Or the hostname is example-3.com.

    image

    Expression builder

    In addition to graphical controls, ESA also provides an expression builder for configuring rule expressions via code.

    Preview an expression

    After you configure a rule expression using graphical controls, ESA automatically generates it in code format.

    image

    • Single expression: (<Match field> <Match operator> <Match value>)

      Example: (http.host eq "example-1.com")

    • Nested expression: (<Single expression 1> <Nested logical operator> <Single expression 2>)

      Example: (http.host eq "example-1.com" and http.host eq "example-2.com")

    Edit an expression

    Click Edit Expression to directly edit a rule expression.image