You must add match conditions when you configure custom rules for whitelists and custom protection policies for Web Application Firewall (WAF). This topic describes the fields that you can use in the match conditions and their descriptions.
Match conditions and actions
You can configure custom rules for whitelists and custom protection policies in the WAF console. A custom rule consists of match conditions and actions. When you configure a custom rule, you must specify the match fields, logical operators, and match content to add match conditions. You also need to select an action to perform on requests that match the conditions you specify.
- Match Condition
Each match condition consists of a match field, logical operator, and match content. The match content does not support regular expressions. You can add up to five match conditions to a custom rule. The logical relation among the conditions is AND. The custom rule takes effect only if all the match conditions are met.
- Action
When you configure a custom rule for whitelists, you specify a module in the Modules Bypassing Check parameter. Requests are not checked by the module that you selected. If you configure a custom rule for custom protection policies, the action that you selected is performed on the requests that meet match conditions. For more information, see the following topics:
Supported match fields
The following table describes the match fields that are supported in match conditions.
Match field | Edition | Logical operator | Description |
---|---|---|---|
IP | Pro edition or higher | Belongs To and Does Not Belong To | The source IP address of the request. You can enter IP addresses or CIDR blocks. Example: 47.100.XX.XX/24. Note: You can enter up to 50 IP addresses or CIDR blocks. Separate them with commas (,). |
URL | Pro edition or higher | | The URL of the request. |
Referer | Pro edition or higher | | The URL of the source page from which the request is redirected. |
User-Agent | Pro edition or higher | | The browser information about the client that initiates the request. The information includes the browser, rendering engine, and version. |
Params | Pro edition or higher | | The parameter part in the request URL. The parameter part follows the question mark (?) in the URL. Example: In www.example.com/index.html?action=login, action=login is the parameter part. |
Query-Arg | Pro edition or higher | | The query string in the request URL. The query string is the part that follows the question mark (?) in the URL. Example: In www.example.com/request_path?arg1=a&arg2=b, arg1 or arg2 is the query string. Note: If multiple query strings are included in the request and the Matching field parameter is set to Query-Arg, the Logical operator parameter is set to Includes, and the Matching content parameter is set to arg, requests that contain arg1 or arg2 are matched. If you want to filter requests based on precise match conditions, we recommend that you set the Matching field parameter to Query-Arg, the Logical operator parameter to Includes, and the Matching content parameter to arg1 or arg2. |
URLPath | Pro edition or higher | | The URL path of the request. |
Cookie | Business edition or higher | | The cookie information in the request. |
Content-Type | Business edition or higher | | The HTTP content type that is specified for the response. The HTTP content type is known as the Multipurpose Internet Mail Extensions (MIME) type. |
Content-Length | Business edition or higher | Value Less Than, Value Equals, and Value More Than | The number of bytes that is allowed in the response. |
X-Forwarded-For | Business edition or higher | | The originating IP address. The HTTP X-Forwarded-For (XFF) header is used to identify the originating IP address of the request that is forwarded by an HTTP proxy or a Server Load Balancer (SLB) instance. The XFF header is included only in the request that is forwarded by an HTTP proxy or an SLB instance. |
Post-Body | Business edition or higher | | The content of the request. |
Server-Port | Business edition or higher | Equals, Does Not Equal, Equals One of Multiple Values, Does Not Equal Any Value | The port number of the origin server. Example: In www.example.com:9999, the port number is 9999. |
Http-Method | Business edition or higher | Equals, Does Not Equal, Equals One of Multiple Values, Does Not Equal Any Value | The request method. Valid values: GET, POST, DELETE, PUT, and OPTIONS. |
Header | Business edition or higher | | The header of the request, which is used to create a custom HTTP header. |
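
The following added example, which is not WAF's own code, models the matching semantics described in this topic so that a rule can be checked against sample requests before it is created in the console: conditions are ANDed, at most five are allowed, IP lists hold at most 50 entries, and Query-Arg with Includes matches more broadly than a precise value. The function names, the request dictionary layout, and the reading of Includes as a substring test on query parameter names are assumptions made for the model.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

MAX_CONDITIONS = 5    # page: up to five match conditions per custom rule
MAX_IP_ENTRIES = 50   # page: up to 50 IP addresses or CIDR blocks

def ip_in_list(src_ip, content):
    """True if src_ip falls in any comma-separated address or CIDR block."""
    entries = [e.strip() for e in content.split(",") if e.strip()]
    if len(entries) > MAX_IP_ENTRIES:
        raise ValueError("more than 50 IP entries in one condition")
    addr = ipaddress.ip_address(src_ip)
    # strict=False accepts blocks written with host bits set, e.g. x.x.x.9/24
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)

def condition_matches(cond, req):
    """cond is (match field, logical operator, match content); no regex."""
    field, op, content = cond
    if field == "IP" and op in ("Belongs To", "Does Not Belong To"):
        return ip_in_list(req["ip"], content) == (op == "Belongs To")
    if field == "Http-Method" and op in ("Equals", "Does Not Equal"):
        return (req["method"] == content) == (op == "Equals")
    if field == "Query-Arg" and op == "Includes":
        # Assumption: plain substring test against each parameter name.
        query = urlsplit("//" + req["url"]).query
        names = [n for n, _ in parse_qsl(query, keep_blank_values=True)]
        return any(content in n for n in names)
    raise ValueError(f"not modelled: {field} / {op}")

def rule_matches(conditions, req):
    """Conditions are ANDed: the rule applies only if every one matches."""
    if not 1 <= len(conditions) <= MAX_CONDITIONS:
        raise ValueError("a custom rule takes 1 to 5 match conditions")
    return all(condition_matches(c, req) for c in conditions)

# Constructed sample request (documentation-range addresses, not real traffic).
SAMPLE = {"ip": "203.0.113.9", "method": "GET",
          "url": "www.example.com/request_path?arg1=a&arg2=b"}

if __name__ == "__main__":
    base = [("IP", "Belongs To", "203.0.113.0/24, 198.51.100.7"),
            ("Http-Method", "Equals", "GET")]
    for content in ("arg", "arg1", "arg3"):
        rule = base + [("Query-Arg", "Includes", content)]
        print(content, rule_matches(rule, SAMPLE))
```

Running a whitelist rule through such a model before deployment shows which requests would bypass the selected module, which is where an overly broad Includes value is most costly.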