You must add match conditions when you configure website whitelists and custom protection policies and specify the actions that Web Application Firewall (WAF) performs on the requests that meet the match conditions. This topic describes the fields that you can use in match conditions.
Match conditions and actions
Match conditions
- Each match condition consists of a matching field, logical operator, and matching content. You can use regular expressions only in some of the matching fields. For more information, see Supported matching fields.
- You can add up to five match conditions to a protection rule. The logical operator between the conditions is AND. The custom rule takes effect only when all the match conditions are met.
Actions
When you configure a protection rule for a whitelist, you must specify a module in the Bypassed Modules parameter. Requests that meet the match conditions are then not checked by the specified module. When you configure a custom protection policy, you must specify the action that is performed on the requests that meet the match conditions by setting the Action parameter. For more information, see the following topics:
Supported matching fields
| Matching field | Edition | Logical operator | Description |
|---|---|---|---|
| URL | Pro, Business, Enterprise, and Exclusive | | The URL of the request. |
| IP | Pro, Business, Enterprise, and Exclusive | Has and Does not have | The source IP address of the request. You can enter IP addresses or CIDR blocks such as 47.100.XX.XX/24. Note: You can enter a maximum of 50 IP addresses or CIDR blocks for a single protection rule. Assume that a protection rule has two match conditions with IP as their matching field. The total number of IP addresses or CIDR blocks that you enter in the matching content of the two match conditions can be up to 50. Multiple IP addresses or CIDR blocks must be separated with commas (,). |
| Referer | Pro, Business, Enterprise, and Exclusive | | The URL of the source page from which the access request is redirected. |
| User-Agent | Pro, Business, Enterprise, and Exclusive | | The browser information about the client that initiates the request. The information includes the browser, rendering engine, and version. |
| Params | Pro, Business, Enterprise, and Exclusive | | The parameter part in the request URL. The parameter part follows the question mark (?) in the URL. For example, in www.example.com/index.html?action=login, action=login is the parameter part. |
| Query-Arg | Pro, Business, Enterprise, and Exclusive | | The parameter part in the request URL. The parameter part follows the question mark (?) in the URL. For example, in www.example.com/request_path?arg1=a&arg2=b, arg1 or arg2 is the query string. Note: When you configure a match condition, if the Matching field parameter is set to Query-Arg, the Logical operator parameter is set to Contains, and the Matching content parameter is set to arg, requests that contain arg1 or arg2 are matched. If you want to filter requests based on precise match conditions, we recommend that you set the Matching field parameter to Query-Arg, the Logical operator parameter to Contains, and the Matching content parameter to arg1 or arg2. |
| URLPath | Pro, Business, Enterprise, and Exclusive | | The URL path of the request. |
| Cookie | Business, Enterprise, and Exclusive | | The cookie information in an access request. |
| Content-Type | Business, Enterprise, and Exclusive | | The HTTP content type that is specified for the response. The HTTP content type is also known as the Multipurpose Internet Mail Extensions (MIME) type. |
| Content-Length | Business, Enterprise, and Exclusive | Equals, Value more than, and Value less than | The number of bytes in the response. |
| X-Forwarded-For | Business, Enterprise, and Exclusive | | The originating IP address of the client that initiates access requests. The HTTP X-Forwarded-For (XFF) header is used to identify the originating IP address of a request that is forwarded by an HTTP proxy or a load balancer. The XFF header is included only in requests that are forwarded by an HTTP proxy or a load balancer. |
| Post-Body | Business, Enterprise, and Exclusive | | The content of the request. |
| Server-Port | Business, Enterprise, and Exclusive | Equals, Does not equal, Equals to one of multiple values, and Does not equal to any value | The port number of the origin server. For example, in www.example.com:9999, the port number is 9999. |
| Http-Method | Business, Enterprise, and Exclusive | Equals, Does not equal, Equals to one of multiple values, and Does not equal to any value | The request method. Valid values: GET, POST, DELETE, PUT, and OPTIONS. |
| Header | Business, Enterprise, and Exclusive | | The header of the request. This field is used to match a custom HTTP header. |
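The following is an added example, not code from the WAF product or its documentation. It is a small rule evaluator that models the semantics described above: up to five match conditions per rule, all of them ANDed together, a 50-entry limit on IP addresses and CIDR blocks across a rule's IP conditions, and the Query-Arg caveat that Contains with matching content arg also hits arg1 and arg2. The request dictionary shape, the CIDR block 203.0.113.0/24, the sample requests, and the choice to measure Content-Length against the request body are all constructed assumptions for the example; the operator names are the ones the table gives, plus Contains for the string fields as used in the Query-Arg note.

```python
import ipaddress
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlsplit

MAX_CONDITIONS = 5    # per-rule limit stated in "Match conditions"
MAX_IP_ENTRIES = 50   # IP/CIDR entries allowed across all IP conditions of one rule


@dataclass(frozen=True)
class Condition:
    field: str      # matching field, e.g. "Query-Arg"
    operator: str   # logical operator, e.g. "Contains"
    content: str    # matching content; comma-separated for multi-value operators


def _split_list(content):
    return [item.strip() for item in content.split(",") if item.strip()]


def _field_values(request, field):
    """Return the values a matching field refers to in a (constructed) request dict."""
    parts = urlsplit(request["url"])
    if field == "URL":
        return [request["url"]]
    if field == "URLPath":
        return [parts.path]
    if field == "Params":
        return [parts.query]
    if field == "Query-Arg":
        # one value per parameter name: this is why Contains "arg" hits both arg1 and arg2
        return [name for name, _ in parse_qsl(parts.query, keep_blank_values=True)]
    if field == "Http-Method":
        return [request["method"]]
    if field == "IP":
        return [request["client_ip"]]
    if field == "Server-Port":
        return [str(request.get("server_port", 80))]
    if field == "Post-Body":
        return [request.get("body", b"").decode("utf-8", errors="replace")]
    if field == "Content-Length":
        return [str(len(request.get("body", b"")))]   # assumption: request body length
    # Referer, User-Agent, Cookie, Content-Type, X-Forwarded-For: plain header lookup
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    return [headers.get(field.lower(), "")]


def _ip_in_blocks(ip, blocks):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(block, strict=False) for block in blocks)


def evaluate_condition(request, cond):
    values, op, content = _field_values(request, cond.field), cond.operator, cond.content
    if op == "Has":
        return _ip_in_blocks(values[0], _split_list(content))
    if op == "Does not have":
        return not _ip_in_blocks(values[0], _split_list(content))
    if op == "Contains":
        return any(content in v for v in values)          # substring match
    if op == "Equals":
        return any(v == content for v in values)
    if op == "Does not equal":
        return all(v != content for v in values)
    if op == "Equals to one of multiple values":
        return any(v in _split_list(content) for v in values)
    if op == "Does not equal to any value":
        return all(v not in _split_list(content) for v in values)
    if op == "Value more than":
        return int(values[0]) > int(content)
    if op == "Value less than":
        return int(values[0]) < int(content)
    raise ValueError(f"unsupported operator: {op}")


def validate_rule(conditions):
    """Enforce the page's limits before a rule is evaluated."""
    if len(conditions) > MAX_CONDITIONS:
        raise ValueError(f"a rule may have at most {MAX_CONDITIONS} match conditions")
    ip_entries = sum(len(_split_list(c.content)) for c in conditions if c.field == "IP")
    if ip_entries > MAX_IP_ENTRIES:
        raise ValueError(f"at most {MAX_IP_ENTRIES} IP addresses or CIDR blocks per rule")


def rule_matches(request, conditions):
    """A rule takes effect only when ALL of its conditions are met (logical AND)."""
    validate_rule(conditions)
    return all(evaluate_condition(request, c) for c in conditions)


# Constructed sample requests (not captured traffic).
REQUESTS = {
    "login_post": {"url": "https://www.example.com/index.html?action=login", "method": "POST",
                   "client_ip": "203.0.113.7", "headers": {"User-Agent": "Mozilla/5.0"},
                   "body": b"user=a&pass=b"},
    "two_args": {"url": "https://www.example.com/request_path?arg1=a&arg2=b", "method": "GET",
                 "client_ip": "198.51.100.9", "headers": {}},
    "arg2_only": {"url": "https://www.example.com/request_path?arg2=b", "method": "GET",
                  "client_ip": "198.51.100.9", "headers": {}},
}

# Both conditions must hold: source in the constructed block AND a write method.
RULE_BLOCK_WRITES = [Condition("IP", "Has", "203.0.113.0/24"),
                     Condition("Http-Method", "Equals to one of multiple values", "POST, PUT")]
# The Query-Arg caveat: "arg" matches arg1 and arg2, "arg1" matches only arg1.
RULE_LOOSE = [Condition("Query-Arg", "Contains", "arg")]
RULE_PRECISE = [Condition("Query-Arg", "Contains", "arg1")]

if __name__ == "__main__":
    for name, req in REQUESTS.items():
        print(name, rule_matches(req, RULE_BLOCK_WRITES),
              rule_matches(req, RULE_LOOSE), rule_matches(req, RULE_PRECISE))
```

Running the block prints one line per sample request showing which rules fire. The point to take from it is in the last two rules: a substring operator on Query-Arg names is a wider net than it looks, so a rule meant for one parameter should name that parameter in full.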