Release Notes
Product Announcement
Security Advisory
Match Mode Field Description
When setting allowlist rules, custom allow rules, custom access control, and CC protection rules, you need to configure the match method in the rules to define the request features to match. This article introduces the fields supported by the rule matching condition and their definitions.
Custom Rule Scenario
Module Name | Description |
Allow requests with specified characteristics to pass without testing by the rule engine. | |
Allow requests with specified characteristics to pass without testing by all or specific protection modules. Note: Protection modules: Web Protection - Rules Engine, Web Protection - malicious file detection, IP blocking, Access Control-Region Blocking, Access Control-Custom Rules, CC protection, Data leakage prevention, IP Blocklist/Allowlist, Bot Protection, API security, Mini Program Traffic Risk Control, Large Model Security | |
Control access of public network users through feature matching. | |
Handle statistical objects with frequency anomalies that hit the match condition. |
Matching Condition
Matching condition refers to the request features that Web Application Firewall (WAF) needs to detect. When setting an allowlist rule, custom allow rule, custom access control, or CC protection rule, you define the matching condition to specify the request features to detect. If a request meets the match condition set within the rules, it hits the corresponding rule. WAF then handles the request based on the rule action set in the rules (such as observation, block, or redirect).
The matching condition consists of match field, parameters, operator, and content. On the right, you can select whether the match field is case sensitive.
Match Field Description
The following table describes the match fields supported in the match method.
Match Field | Matching Parameter | Logical Symbol | Match Content Description | Support Module |
URL | None | Is, Is not Start with, End with | /support directory and specific path, up to 128 characters, excluding domain name. | |
| | Include, Do not include | Fill in the Value field, within 128 characters. | |
Method | None | Is, Is not | Supports HEAD, GET, POST, PUT, OPTIONS, TRACE, DELETE, PATCH, and CONNECT. Each time, support input one value. | |
Query | key in Query parameters | Is, Is not | Query requires filling in key-value composite, fill specific value within 512 characters, configurable multiple times. | |
Referer | None | Is, Is not Include, Do not include Start with, End with | Fill in the value field, within 512 characters. | |
| | Exist, Not exist Blank | None | |
| None | Is, Is not Include, Do not include Start with, End with | Fill in the value field, within 512 characters. | |
| | Belong, Not belong to | Use Enter to separate multiple values, up to 20 entries | |
| | Length equal to, Length longer than, Length shorter than | Enter an integer between 1 and 9999 | |
| | Regex match | Fill in the value field, up to 200 characters. | |
| | Exist, Not exist Blank | None | |
Cookie | key in Cookie parameters | Is, Is not Include, Do not include | Fill in the value field, within 512 characters. | |
| None | Regex match | Fill in the value field, up to 200 characters. | |
| | Length equal to, Length longer than, Length shorter than | None | |
| | Blank Exist, Not exist | None | |
User-Agent | None | Is, Is not Include, Do not include Start with, End with | Fill in the Value field, within 512 characters. | |
| | Exist, Not exist Blank | None | |
| None | Is, Is not Include, Do not include Start with, End with | Enter content, within 512 characters. | |
| | Belong, Not belong to | Use Enter to separate multiple values, up to 20 entries. | |
| | Length equal to, Length longer than, Length shorter than | Enter an integer between 1 and 9999. | |
| | Regex match | Enter content, within 200 characters. | |
| | Exist, Not exist Blank | None | |
Custom request header | Fill in the request header key value, such as Accept, Accept-Language, Accept-Encoding, Connection. | Is, Is not Include, Do not include | Enter content, within 512 characters, configurable multiple times. | |
| | Blank Not exist | None | |
Source IP Location | None | Belong, Not belong to | Select regions as needed. | |
Source IP | None | Belong, Not belong to | Multiple IPV4 addresses or IP ranges separated by commas, up to 100. | |
Source IPv6 | None | Belong, Not belong to | Multiple IPV6 addresses or IP ranges separated by commas, up to 100. | |
Request path | None | Is, Is not Start with, End with | /Enter up to 512 characters. | |
| | Include, Do not include | Enter content, within 512 characters. | |
| | Length equal to, Length longer than, Length shorter than | Enter an integer between 1 and 9999. | |
| | Belong, Not belong to | Use Enter to separate multiple values, up to 20 entries. | |
| | Regex match | Enter content, within 200 characters. | |
HTTP request method | None | Is, Is not | ENTER METHOD NAME, UPPERCASE IS RECOMMENDED. | |
| | Belong, Not belong to | Use Enter to separate multiple values, up to 20 entries. | |
Request string | None | Is, Is not Include, Do not include Start with, End with | Enter content, within 512 characters. | |
| | Length equal to, Length longer than, Length shorter than | Enter an integer between 1 and 9999. | |
| | Belong, Not belong to | Use Enter to separate multiple values, up to 20 entries. | |
| | Regex match | Enter content, within 200 characters. | |
| | Exist Blank | None | |
GET parameter value | Enter parameter value. If it is empty, all are selected by default. | Include, Do not include Start with, End with | Enter content, within 512 characters. | |
| | Length equal to, Length longer than, Length shorter than | Enter an integer between 1 and 9999. | |
| | Belong, Not belong to | Use Enter to separate multiple values, up to 20 entries. | |
| | Blank | None | |
GET parameter name | None | Parameter Exists, parameter does not Exist Start with, End with | Enter content, within 512 characters. | |
| | Length equal to, Length longer than, Length shorter than | Enter an integer between 1 and 9999. | |
| | Belong, Not belong to | Use Enter to separate multiple values, up to 20 entries. | |
POST parameter value | Enter parameter value. If it is empty, all are selected by default. | Include, Do not include Start with, End with | Enter content, within 512 characters. | |
| | Length equal to, Length longer than, Length shorter than | Enter an integer between 1 and 9999. | |
| | Belong to, Not belong to | Use Enter to separate multiple values, up to 20 entries. | |
| | Regex match | Enter content, within 200 characters. | |
| | Blank | None | |
POST parameter name | None | Is, Is not Parameter Exists, parameter does not Exist Start with, End with | Enter content, within 512 characters. | |
| | Length equal to, Length longer than, Length shorter than | Enter an integer between 1 and 9999. | |
| | Belong, Not belong to | Use Enter to separate multiple values, up to 20 entries. | |
| | Regex match | Enter content, within 200 characters. | |
Full body | None | Is, Is not Include, Do not include Start with, End with | Enter BODY content, within 512 characters. | |
| | Length equal to, Length longer than, Length shorter than | Enter an integer between 1 and 9999. | |
| | Regex match | Enter content, within 200 characters. | |
| | Blank | None | |
Cookie parameter name | None | Is, Is not Parameter Exists, parameter does not Exist Start with, End with | Enter content, within 512 characters. | |
| | Length equal to, Length longer than, Length shorter than | Enter an integer between 1 and 9999. | |
| | Belong, Not belong to | Use Enter to separate multiple values, up to 20 entries. | |
Cookie parameter value | Enter parameter value. If it is empty, all are selected by default. | Include, Do not include Start with, End with | Enter content, within 512 characters. | |
| | Length equal to, Length longer than, Length shorter than | Enter an integer between 1 and 9999. | |
| | Belong, Not belong to | Use Enter to separate multiple values, up to 20 entries. | |
| | Blank | None | |
Header name | None | Parameter Exists, parameter does not Exist Start with, End with | Enter content, lowercase is recommended, within 512 characters. | |
| | Length equal to, Length longer than, Length shorter than | Enter an integer between 1 and 9999. | |
| | Regex match | Enter content, within 200 characters. | |
Header value | Enter parameter value. If it is empty, all are selected by default. | Include, Do not include Start with, End with | Enter content, within 512 characters. | |
| | Length equal to, Length longer than, Length shorter than | Enter an integer between 1 and 9999. | |
| | Belong, Not belong to | Use Enter to separate multiple values, up to 20 entries. | |
| | Regex match | Enter content, within 200 characters. | |
| | Not exist | None | |
Content-Length | None | Value equals, Value greater than, Value less than | Enter an integer between 0 and 999999999999. | |
verification code RiskType | None | Value equals,Value not equal to | Please enter an integer value between [0-255], converting binary to decimal. | |
| | Belong, Not belong to | Please enter integer values between [0-255], separated by line breaks. A maximum of 50 values is allowed. | |
| | Exist, Not exist | None | |
Captcha Device Risk | None | Belong, Not belong to | Please select a device risk category: 101, 201, 301, 401, 501, 601, 701. | |
| | Exist, Not exist | None | |
verification code token score | None | Value equals, Value greater than, Value less than, Value less than or equal to, Value greater than or equal to | Please enter an integer value between [0-100]. | |
| | Exist, Not exist | None | |
Note:
1. Different packages and versions support different numbers of custom rules. For details, see Plan and Editions.
2. Only instances that have enabled Tencent Cloud Captcha service and are bound to WAF can configure Captcha-related rules. For more details, please refer to Integration with Web Application Firewall.
피드백