Match Condition
Overview
Web Protection function is implemented by matching different conditions of requests. The following provides a detailed introduction to various matching condition options, matching condition descriptions, and related configuration methods and limitations.
Using Matching Conditions
You can use the matching conditions of the rule to specify the effective scope of the rule, and control the effective scope of protection exception rules, custom rules, rate limiting, and custom bot rules.
Note:
When multiple matching conditions are configured, the rule takes effect only when all matching conditions are satisfied.
Matching Condition Options and Descriptions
Note:
The matching conditions that can be configured vary depending on the rule type and the EdgeOne plan you subscribe to. For specific support situations, please refer to the corresponding function introduction document.
Matching Condition Options | Matching Condition Description | Standard Plan | Enterprise Plan |
Request Client IP | Match the source IPs of the request. Support matching based on region, ASN, IP, and CIDR IP segment. When using IP and CIDR IP segment matching, you can use IP grouping. Up to 8 IP groups can be configured for a single matching condition. | Support | Support |
Request Client IP (Priority Matching XFF Header) | When the request carries a valid XFF (X-Forwarded-For) header, match the first IP in the XFF header; otherwise, match the source IP address. | Not Support | Support |
Custom Request Header | Match the specified request header, and provide additional parameter options to match the header value with a specific name. case-insensitive Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match. Support up to 128 matching values. | Not Support | Support |
Request URL | Match the request URL. case-insensitive Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match. Support up to 128 matching values. | Matching condition does not support regex match | Support |
Request Source (Referer Header) | Match the Referer header of the request. case-insensitive Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match. Support up to 128 matching values. | Matching condition does not support regex match | Support |
Request Content Type (Accept Header) | Match the Accept header of the request. case-insensitive Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match. Support up to 128 matching values. | Not Support | Support |
Request Path (Path) | Match the path part of the request URL (excluding query parameters). case-insensitive | Not Support | Support |
Request Method (Method) | Match the method of the request. case-insensitive Support multiple selections: GET, POST, HEAD, PUT, DELETE, TRACE, OPTIONS, CONNECT. | Matching condition does not support regex match | Support |
Request Cookie | Match the specified request Cookie header parameter value. The parameter name must be specified. Ignore case. Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match. Support up to 128 matching values. | Not Support | Support |
XFF Extension Header | Match the XFF (X-Forwarded-For) header of the request. Ignore case. Support equal, does not equal, contain, does not contain, wildcard match, wildcard does not match, length greater than, length less than, content is empty, does not exist, regex match. Support up to 128 matching values. | Not Support | Support |
Network Layer Protocol | Match the IP protocol type used by the request. Support multiple selections: IPv4, IPv6. | Not Support | Support |
Application Layer Protocol | Match the application layer protocol used by the request. Support multiple selections: HTTP, HTTPS. | Not Support | Support |
HTTP Status Code | Match the HTTP status code of the response. Only support rate limiting, support configuration when selecting based on response statistics. Support up to 20 status codes at the same time. | Not Support | Support |