Match Condition

Download PDF

Overview
Web Protection function is implemented by matching different conditions of requests. The following provides a detailed introduction to various matching condition options, matching condition descriptions, and related configuration methods and limitations.
Using Matching Conditions
You can use the matching conditions of the rule to specify the effective scope of the rule, and control the effective scope of protection exception rules, custom rules, rate limiting, and custom bot rules.
Note:
When multiple matching conditions are configured, the rule takes effect only when all matching conditions are satisfied.
Matching Condition Options and Descriptions
Note:
The matching conditions that can be configured vary depending on the rule type and the EdgeOne plan you subscribe to. For specific support situations, please refer to the corresponding function introduction document.
Matching Condition Options
Matching Condition Description
Standard Plan
Enterprise Plan
Request Client IP
Match the source IPs of the request. Support matching based on region, ASN, IP, and CIDR IP segment.
When using IP and CIDR IP segment matching, you can use IP grouping.
Up to 8 IP groups can be configured for a single matching condition.
Support
Support
Request Client IP (Priority Matching XFF Header)
When the request carries a valid XFF (X-Forwarded-For) header, match the first IP in the XFF header; otherwise, match the source IP address.
Not Support
Support
Custom Request Header
Match the specified request header, and provide additional parameter options to match the header value with a specific name.
case-insensitive
Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match.
Support up to 128 matching values.
Not Support
Support
Request URL
Match the request URL.
case-insensitive
Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match.
Support up to 128 matching values.
Matching condition does not support regex match
Support
Request Source (Referer Header)
Match the Referer header of the request.
case-insensitive
Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match.
Support up to 128 matching values.
Matching condition does not support regex match
Support
Request Content Type (Accept Header)
Match the Accept header of the request.
case-insensitive
Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match.
Support up to 128 matching values.
Not Support
Support
Request Path (Path)
Match the path part of the request URL (excluding query parameters).
case-insensitive
Not Support
Support
Request Method (Method)
Match the method of the request.
case-insensitive
Support multiple selections: GET, POST, HEAD, PUT, DELETE, TRACE, OPTIONS, CONNECT.
Matching condition does not support regex match
Support
Request Cookie
Match the specified request Cookie header parameter value. The parameter name must be specified.
Ignore case.
Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match.
Support up to 128 matching values.
Not Support
Support
XFF Extension Header
Match the XFF (X-Forwarded-For) header of the request.
Ignore case.
Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match.
Support up to 128 matching values.
Not Support
Support
Network Layer Protocol
Match the IP protocol type used by the request.
Support multiple selections: IPv4, IPv6.
Not Support
Support
Application Layer Protocol
Match the application layer protocol used by the request.
Support multiple selections: HTTP, HTTPS.
Not Support
Support
HTTP Status Code
Match the HTTP status code of the response.
Only support rate limiting, support configuration when selecting based on response statistics.
Support up to 20 status codes at the same time.
Not Support
Support
﻿

Matching Condition Options	Matching Condition Description	Standard Plan	Enterprise Plan
Request Client IP	Match the source IPs of the request. Support matching based on region, ASN, IP, and CIDR IP segment. When using IP and CIDR IP segment matching, you can use IP grouping. Up to 8 IP groups can be configured for a single matching condition.	Support	Support
Request Client IP (Priority Matching XFF Header)	When the request carries a valid XFF (X-Forwarded-For) header, match the first IP in the XFF header; otherwise, match the source IP address.	Not Support	Support
Custom Request Header	Match the specified request header, and provide additional parameter options to match the header value with a specific name. case-insensitive Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match. Support up to 128 matching values.	Not Support	Support
Request URL	Match the request URL. case-insensitive Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match. Support up to 128 matching values.	Matching condition does not support regex match	Support
Request Source (Referer Header)	Match the Referer header of the request. case-insensitive Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match. Support up to 128 matching values.	Matching condition does not support regex match	Support
Request Content Type (Accept Header)	Match the Accept header of the request. case-insensitive Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match. Support up to 128 matching values.	Not Support	Support
Request Path (Path)	Match the path part of the request URL (excluding query parameters). case-insensitive	Not Support	Support
Request Method (Method)	Match the method of the request. case-insensitive Support multiple selections: GET, POST, HEAD, PUT, DELETE, TRACE, OPTIONS, CONNECT.	Matching condition does not support regex match	Support
Request Cookie	Match the specified request Cookie header parameter value. The parameter name must be specified. Ignore case. Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match. Support up to 128 matching values.	Not Support	Support
XFF Extension Header	Match the XFF (X-Forwarded-For) header of the request. Ignore case. Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match. Support up to 128 matching values.	Not Support	Support
Network Layer Protocol	Match the IP protocol type used by the request. Support multiple selections: IPv4, IPv6.	Not Support	Support
Application Layer Protocol	Match the application layer protocol used by the request. Support multiple selections: HTTP, HTTPS.	Not Support	Support
HTTP Status Code	Match the HTTP status code of the response. Only support rate limiting, support configuration when selecting based on response statistics. Support up to 20 status codes at the same time.	Not Support	Support