The rules engine allows you to follow the same syntax and logic to create and deploy various rules, such as cache rules, redirect rules, compression rules, origin rules, and Web Application Firewall (WAF) protection rules.
Overview
With the rules engine in Edge Security Acceleration (ESA), you can create rules in a GUI. ESA checks whether to apply a specific configuration to incoming requests based on request parameters defined in the rules. This allows for more flexible and precise content distribution control.
Rule priorities
Rules on a specific aspect (such as browser cache TTL) take precedence over the global configuration for the aspect.
If a specific aspect (such as caching) has a list of rules, the rules apply from top to bottom in sequence. To change the priority of a specific rule in the rule list, change its order in the rule list.
Usage notes
A single rule condition cannot exceed 4 KB in size. The total size of all configuration information of a website, except security configuration, cannot exceed 512 KB in size.
A rule condition supports a nested structure with a maximum depth of two levels. Each level supports separate logical operation settings.
A single rule condition can contain up to 20 match fields.
Filtering rules for traffic
The incoming requests can be filtered by using the following options:
All Requests: This rule applies only to all traffic. All matching results for incoming requests are true.
Filtered Requests: This rule applies only to traffic matching the custom expression.
Rule syntax
A rule condition consists of logical operators and expressions.
Logical operators: connecting expressions in a rule condition to perform a logical operation.
Expressions: filtering out reuquests that meets the designated criteria. You can group multiple expressions to filter requests.
Logical operators
A logical operator connects expressions in a rule condition to perform a logical operation. The following logical operators are supported:
and: the logical conjunction operator. A rule condition is matched only if all expressions in the rule condition are true.
or: the logical disjunction operator. A rule condition is matched if one of the expressions in the rule condition is true.
Expressions
The simplest expression includes components described in the following table.
Component | Corresponding syntax parameter | Description | Required |
Match field | Field | The match field. | Yes |
Value | Value | The match value. | Yes |
Comparison operator | Comparison_operator | The comparison operator. | Yes |
Expression syntax
Simple expressions
Syntax: <field><comparison_operator><value>
Example: http.request.uri.path matches"/image\.(jpg|png)$"
Compound expressions
Definition: multiple expressions connected by logical operators
Syntax: <expreesion><logical_operator><expression>
Example: http.host eq "www.example.com" and http.request.uri.path eq "/content"
Match fields
The hostname (http.host) match field applies to SSL/TLS encryption rules and supports only eq (equals) and ne (not equals) operators.
Match type
| Description | Match type variable | Match operator | Match value |
Request Method | The method used by the request. | http.request.method |
| Valid values:
|
HTTP Version | The HTTP version used by the request. | http.request.version | Valid values:
| |
Country/Region | The country or region to which the client IP address belongs. | ip.geoip.country |
| |
File Name | The name of the file requested by the client. | http.request.uri.path.file_name |
| |
File Extension | The suffix of the name of the file requested by the client. | http.request.uri.path.extension |
| |
IP Source Address | The IP address of the client. | ip.src |
| |
SSL/HTTPS | The type of the protocol used by the request. | http.request.scheme |
| Valid values:
|
Hostname | The hostname contained in the request. Matching order: If hostnames are included in both the URL and the HOST header, the hostname in the request URL is used. | http.host |
|
|
URI | The path in the URL of the request. The value includes the request parameters. | http.request.uri |
| |
URI Full | The full Uniform Resource Identifier (URI) of the request. | http.request.full_uri |
| |
URI Path | The path in the URL of the request. The value excludes the request parameters. | http.request.uri.path |
| |
URI Query String | All request parameters in the URL of the request. | http.request.uri.query |
| |
URI Query String Parameter | The specified query parameters in the URL of the request. | http.request.uri.args["session"] |
| |
Cookie | The cookie contained in the request. | http.cookie |
|
|
User Agent | The client information contained in the request. | http.user_agent |
| |
Referer | The URL of the original web page from which the resource is requested. | http.referer |
| |
X-Forwarded-For | The value of the X-Forwarded-For header in the request. | http.x_forwarded_for |
| |
Header | The specified header in the request. | http.request.headers["session"] |
| |
Cookie Value Of | The specified cookie parameter in the request. | http.request.cookies["session"] |
|
Comparison operators
Operator name | Operator | Negatable | Value type | Remarks |
Equals | eq | No | string | / |
Not equals | ne | No | string | / |
Contains | contains | Yes | string | The operator checks whether the specified string is contained. |
Matches regex | matches | Yes | string | The operator checks for matches by regex. The operator is supported only in the Business and Enterprise plans. |
Includes any | in | Yes | array | The expression is true if any of the specified elements is matched.
|
Starts with | starts_with | Yes | string | / |
Ends with | ends_with | Yes | string | / |
Length less than | len-lt | No | integer | A match is found if the string length is less than the specified length condition. |
Length equal to | len-eq | No | integer | A match is found if the string length is equal to the specified length condition. |
Length greater than | len-gt | No | integer | A match is found if the string length is greater than the specified length condition. |
In list | in_list | Yes | integer | This operator is used on global lists that you create at the account level. |
Exists | exists | Yes | bool | The operator checks if the specified key exists in key-pair values. For example, you can use this operator in rules based on headers, cookies, and query strings. |
Greater than | gt | No | integer | The operator applies to rules where the values are integers. |
Smaller than | lt | No | integer | The operator applies to rules where the values are integers. |
Greater than or equal to | ge | No | integer | The operator applies to rules where the values are integers. |
Smaller than or equal to | le | No | integer | The operator applies to rules where the values are integers. |
Wildcard characters
Wildcard character | Description |
| Matches one single character. |
| Matches any number of characters. |
Create expressions
By default, the expression builder is displayed for you to create expressions.
Use the expression builder
The expression builder allows you to quickly create expressions in an interactive way. However, you may need to switch to the expression editor when you create complicated expressions.
For example, if you want to create an expression based on the request method, select the expression components from the drop-down lists to have the expression builder to automatically create the expression.
Use the expression editor
The expression editor allows you to create more complicated expressions in a more flexible way.
Click Edit Expression.
In the editor, start writing your expressions.
