Match fields - Edge Security Acceleration - Alibaba Cloud Documentation Center

Match fields provide multidimensional configuration options.

Match fields are important in rule expressions. In addition to standard fields, dynamic fields that you can customize based on Edge Security Acceleration (ESA) are provided.

Example: (http.host eq "example-1.com")

Standard fields

Standard fields include common fields in HTTP requests and in IP information.

http.cookie

The cookie used in a request.

Field name: Cookie
Type: String
Case-sensitive.
Empty string allowed in the match value.
Example:
session=330688;background=light

http.host

The hostname used in a request.

Field name: Hostname
Type: String
Case-insensitive.
Empty string not allowed in the match value.
Example:
["www1.alibaba.com","www2.alibaba.com"]

http.referer

The URL of the source page of the current HTTP request.

Field name: Referer
Type: String
Case-insensitive.
Empty string allowed in the match value.
Example:
http://refer.com.cn

http.request.body.form

The request data to be transmitted.

Field name: Body Query String
Type: String
Example:
{"key": "value"}

http.request.body.mime

The Multipurpose Internet Mail Extensions (MIME) type of the request body.

Field name: MIME Type
Type: String
Example:
application/json

http.request.body.raw

The raw content of the request body.

Field name: HTTP Request Body
Type: String
Example:
{"key": "value"}

http.request.cookies

The cookies sent from the request client to the server.

Field name: Cookie Value
Type: String
Case-sensitive.
Empty string allowed in the match value.
Example:
Value 330688 of the session parameter.

http.request.full_uri

The full Uniform Resource Identifier (URI) of the request, including the hostname and path.

Field name: Full URI
Type: String
Case-sensitive.
Empty string not allowed in the match value.
Example:
https://www.example.org/articles/index?section=330688&expand=comments

http.request.headers

The HTTP headers contained in a request.

Field name: Header
Type: Object
Case-sensitive.
Empty string allowed in the match value.
Example:
Value 330688 of the session parameter in a header.

http.request.method

The request method in a request.

Field name: Request Method
Type: Object
Example:
method=GET

http.request.timestamp.sec

The timestamp (in seconds) of a request.

Field name: Request Timestamp
Type: Integer
UNIX time: (1735019278)
Example:
1735019278 (13:47:58 on December 24, 2024)

http.request.uri

The URI used in a request.

Field name: URI
Type: String
Case-sensitive.
Empty string not allowed in the match value.
Example:
/path/to/resource

http.request.uri.args

The parameter in a request URI.

Field name: URI Query String Parameter
Type: String
Case-sensitive.
Empty string allowed in the match value.
Example:
session=330688
Note
You can specify a null value only when you select one of the following match operators:
- equal to
- not equal to
- contains
- matches regex

http.request.uri.path

The URI path in a request.

Field name: URI Path
Type: String
Case-sensitive.
Empty string not allowed in the match value.
Example:
/articles/index

http.request.uri.path.extension

The file name extension in the URI path in a request.

Field name: File Name Extension
Type: String
Case-sensitive.
Empty string not allowed in the match value.
Example:
bz2 is the extension of the foo.tar.bz2 file.

http.request.uri.path.file_name

The file name in the URI path in a request.

Field name: File Name
Type: String
Case-sensitive.
Empty string not allowed in the match value.
Example:
resource

http.request.uri.path.full_file_name

The full file name in the URI path in a request.

Field name: Full File Name
Type: String
Case-sensitive.
Empty string not allowed in the match value.
Example:
resource.html

http.request.uri.query

The URI query string in a request.

Field name: URI Query String
Type: String
Case-sensitive.
Empty string not allowed in the match value.
Example:
section=330688&expand=comments

http.request.version

The HTTP version in a request.

Field name: HTTP Version
Type: String
Example:
HTTP/2

http.user_agent

The User-Agent information in a request.

Field name: User Agent
Type: String
Case-sensitive.
Empty string allowed in the match value.
Example:
curl/7.29.0

http.x_forwarded_for

The value of the header named x_forwarded_for carried in an HTTP request.

Field name: X-Forwarded-For
Type: String
Case-sensitive.
Empty string allowed in the match value.
Example:
192.168.2.X192.168.1.X

ip.geoip.asnum

The autonomous system number (ASN) of the CIDR block to which the source IP address belongs. For more information, see What is ASN.

Field name: ASN
Type: String
Example:
AS15169

ip.geoip.continent

The continent where the request source IP address is located.

Field name: Continent
Type: String
Example:
Asia

Continent name	Continent code

Continent name	Continent code
Africa	AF
Antarctica	AN
Asia	AS
Europe	EU
North America	NA
Oceania	OC
South America	SA

ip.geoip.country

The country information about the request source IP address. For more information, see Introduction of the ISO 3166 standard.

Field name: Country or Region
Type: String
Case-insensitive.
Empty string not allowed in the match value.
Example:
US

ip.src

The request source IP address.

Field name: Client IP
Type: String
Case-insensitive.
Empty string not allowed in the match value.
Example:
192.0.2.1

ip.src.isp

The Internet service provider (ISP) of the request source IP address.

Field Name: ISP
Type: String
Example:
Comcast

ISP name	ISP code

ISP name	ISP code
China Telecom	100017
China Mobile	100025
China Unicom	100026
China Netcom	100016
China Tietong	100020
Great Wall Broadband	100061
China Education and Research Network (CERNET)	100027
China Broadcasting Network	1000139
Beijing Gehua CATV Network	100080
Dr.Peng Group	1000143
Alibaba	100098
Alibaba Cloud	1000323
Tencent	1000401
Baidu	100099
ChinaNetCenter	100093

ip.src.version

The IP version of the request source IP address.

Field name: IP Version
Type: String
Example:
IPv4

ip.src.subdivision_1_iso_code

The ISO code of the first-level subdivision area in the geographic location of the request source IP address. For more information, see Introduction of the ISO 3166 standard.

Field name: Province
Type: String
Case-sensitive.
Example: ID-JC (the Central Java province of Indonesia)

ip.src.region_code

The region code of the load balancer in the geographic location of the request source IP address.

Field name: Load Balancer Region
Type: String
Case-sensitive.
Example:
East Asia (EAS)

Region name	Region code

Region name	Region code
Eastern Europe	EEU
Western Europe	WEU
North America	NAM
South America	SAM
Middle East	ME
North Africa	NAF
South Africa	SAF
Oceania	OC
East Asia	EAS
Southeast Asia	SEAS
South Asia	SAS
Chinese Mainland	CNM

ssl

Indicates whether to use the SSL or TLS protocol.

Field name: SSL/HTTPS
Type: Boolean
Example:
true

Extended fields

Dynamic fields are custom fields provided by ESA in special scenarios.

ali.static_resource

Indicates whether the request is a static request.

Field name: Static Request
Type: Boolean
Example:
true

ali.tls_hash

The request TLS hash value.

Field name: TLS Fingerprint
Type: String
Example:
ABC123HASH

ali.tls_client_auth.cert_verified

The client certificate has been verified.

Field name: Client Certificate Verified
Type: Boolean
Example:
true

ali.js_detection.passed

JavaScript verification has been passed.

Field name: JavaScript Verified
Type: Boolean
Example:
true