Last updated: 2026-02-05 11:02:10
By defining Matching Conditions, you specify the request characteristics that a security policy inspects. Custom rules, rate limiting, and whitelists all use the same structure for configuring matching conditions. The table below lists all currently supported matching condition fields.
Note:
- Each match field has its own operator and input value requirements; see the table below for specifics.
- For complex operators such as “Regex Match” and “Wildcard Match,” make sure your expressions are well-formed and accurate.
- For detailed configuration steps, enter parameters according to the instructions shown in your management interface.
| Match Field | Description | Format/Example | Supported Operators | Is Input Case-Sensitive | Supports Multiple Input Values |
|---|---|---|---|---|---|
| IP/IP Segment | Match or exclude specific client IPs; supports IPv4 and IPv6 addresses as well as CIDR blocks | Single IP: 192.168.1.100, 2001:db8::1; Segment: 192.168.1.0/24, 2001:db8::/32 | Equals / Does Not Equal | - | Yes |
| Path | The part of the URL after the domain and before the ?, excluding the domain and parameters, starting with / | /common/ecs/channel | Equals / Does Not Equal / Contains / Does Not Contain / Starts With / Ends With / Wildcard Match / Wildcard Does Not Match / Regex Match / Regex Does Not Match | No (case-insensitive for Contains, Starts With, Ends With, Wildcard, Regex) / Yes (Equals / Does Not Equal) | Yes (Regex Match / Regex Does Not Match do not support multiple values) |
| URI | The full part of the URL after the domain, including path and parameters, starting with / | /common/ecs/channel?code=1 | Equals / Does Not Equal / Contains / Does Not Contain / Starts With / Ends With / Wildcard Match / Wildcard Does Not Match / Regex Match / Regex Does Not Match | No (case-insensitive for Contains, Starts With, Ends With, Wildcard, Regex) / Yes (Equals / Does Not Equal) | Yes (Regex Match / Regex Does Not Match do not support multiple values) |
| User-Agent | Match the client identification in the User-Agent request header | Browser UA: Mozilla/5.0 (Windows NT 10.0; Chrome/120.0); Crawler UA: Baiduspider/2.0 | Equals / Does Not Equal / Contains / Does Not Contain / Is Empty or Does Not Exist / Starts With / Ends With / Wildcard Match / Wildcard Does Not Match / Regex Match / Regex Does Not Match | No (some operators) / Yes (Equals / Does Not Equal) | Yes (Regex Match / Regex Does Not Match do not support multiple values) |
| Referer | Match based on the Referer request header | Empty Referer: when the URL is entered directly or the request is an API call, the Referer field is empty | Equals / Does Not Equal / Contains / Does Not Contain / Is Empty or Does Not Exist / Starts With / Ends With / Wildcard Match / Wildcard Does Not Match / Regex Match / Regex Does Not Match | No (some operators) / Yes (Equals / Does Not Equal) | Yes (Regex Match / Regex Does Not Match do not support multiple values) |
| Request Header | Match any standard or custom HTTP header (the header name is case-insensitive) | Standard: X-Forwarded-For, Authorization; Custom: X-App-Version | Equals / Does Not Equal / Contains / Does Not Contain / Is Empty or Does Not Exist / Starts With / Ends With / Wildcard Match / Wildcard Does Not Match / Regex Match / Regex Does Not Match | No (some operators) / Yes (Equals / Does Not Equal) | Yes (Regex Match / Regex Does Not Match do not support multiple values) |
| Query String | The query parameter part after the ? in the URL, containing only the parameters | code=1&type=2 | Equals / Does Not Equal / Contains / Does Not Contain / Is Empty or Does Not Exist / Starts With / Ends With / Wildcard Match / Wildcard Does Not Match / Regex Match / Regex Does Not Match | Yes | Yes (Regex Match / Regex Does Not Match do not support multiple values) |
| Request Method | Match or exclude specific HTTP request methods | GET, POST, PUT, DELETE, HEAD, OPTIONS | Equals / Does Not Equal | - | Yes |
| Region | Match or exclude requests from specific countries or provinces (as listed in the console) | China-Beijing, United States, Guangdong Province | Equals / Does Not Equal | - | Yes |
| Status Code | Match or exclude HTTP response status codes (statistics for the response phase only) | 404, 500, 403, 200, 4xx, 5xx | Equals / Does Not Equal | - | Yes |
| Client Group | Match or exclude client groups predefined in the console (aggregated by IP, UA, region, etc.) | Office IP Group, Malicious Crawler Group, Domestic User Group | Equals / Does Not Equal | - | Yes |
| ASN | Match or exclude specific Autonomous System Numbers (ASN, Internet routing units) | AS4134 (China Telecom), AS4837 (China Unicom) | Equals / Does Not Equal | - | Yes |
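
The following Python sketch is an added example, not vendor code: it models the table's field definitions (Path, Query String, URI), the case-sensitivity rules for Path/URI text operators, and IP/IP Segment matching, so a planned rule can be checked against letter-case variants before deployment. The function names, the OR-ing of multiple values, and the unanchored regex search are assumptions; the page does not specify them.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Path/URI operators the table marks case-insensitive; Equals stays case-sensitive.
CASE_INSENSITIVE = {"Contains", "Starts With", "Ends With"}

def extract_fields(url):
    """Split a URL into the Path, Query String and URI fields as the table defines them."""
    parts = urlsplit(url)
    path = parts.path or "/"
    uri = path + ("?" + parts.query if parts.query else "")
    return {"Path": path, "Query String": parts.query, "URI": uri}

def match_text(operator, actual, values):
    """Evaluate a Path/URI condition. Multiple values are OR-ed (assumption)."""
    if operator == "Regex Match":
        if len(values) != 1:
            raise ValueError("Regex Match takes a single value")
        # Case-insensitive per the table; unanchored search is an assumption.
        return re.search(values[0], actual, re.IGNORECASE) is not None
    if operator in CASE_INSENSITIVE:
        actual, values = actual.lower(), [v.lower() for v in values]
    tests = {
        "Equals": lambda v: actual == v,
        "Contains": lambda v: v in actual,
        "Starts With": lambda v: actual.startswith(v),
        "Ends With": lambda v: actual.endswith(v),
    }
    return any(tests[operator](v) for v in values)

def match_ip(client_ip, values):
    """IP/IP Segment 'Equals': single addresses or CIDR blocks, IPv4 or IPv6."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(v, strict=False) for v in values)

if __name__ == "__main__":
    # Constructed request: same resource as the table's example, different letter case.
    fields = extract_fields("https://example.com/Common/ECS/channel?code=1")
    print(fields)
    print(match_text("Equals", fields["Path"], ["/common/ecs/channel"]))   # case-sensitive
    print(match_text("Starts With", fields["Path"], ["/common/ecs/"]))     # case-insensitive
    print(match_ip("192.168.1.100", ["192.168.1.0/24", "2001:db8::/32"]))
```

Because Equals is case-sensitive on Path and URI, a rule intended to cover a path regardless of letter case needs one of the case-insensitive operators from the table.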