What are the definitions for each firewall/API rule operator?
When you're adding a new firewall or API protection rule, chances are you'll have to decide which operator to use for your rule.
The ' Operator' defines how the "actual user request field and its values" relate to the "set rule field and its values". Such that when the two match, it will execute a response defined in the firewall action (e.g. Pass, Block, API protection, etc.).
For API protection, the field is set to 'URI in request w/o query string'. And 'Filter value' and 'Value' specify the value in/of the header or URI path that you wish to apply the Firewall/API protection to.
Here are the definitions for all operators:
| Operator | Definition |
|---|---|
| regex (regular expression) | True if field matches the specified regex pattern (value) |
| streq (string equal) | True if field exactly matches the specified value |
| contains | True if field contains all the specified value/s |
| within | True if field is within the specified URL (value) |
| prefix | True if field starts with the specified value |
| suffix | True if field ends with the specified value |
| include | True if field contains at least one of the specified values |
Examples
Given the target field: URI w/o query = test.com/api/test/1
streq: if URI w/o query is exactly the same with test.com/api/test/1 = then match streq case
contains: if URI w/o query contains api = then match contains case
within: if URI w/o query is within url test.com/api/test/1/what/ever/ = then match within case
prefix: if URI w/o query starts with test.com = then match prefix case
suffix: if URI w/o query ends with /test/1 = then match suffix case
include: if URI w/o query contains EITHER /api/ OR /test/ = then match include case
regex: if URI w/o query match regex pattern [\w\/\.]+ = then match include case
Regular Expression Notes
Regex is a popular string search method, it is used to find all strings that match your pattern. Popular programming languages, such as python support regex.
For the example above:
- [] means matches a single character that is contained within the brackets
- \w means Alphanumeric characters plus "", e.g. [A-Za-z0-9]
- \/ means slash. Backslash \ is placed before slash / because / is a reserved character in regex, so we need to use \/ to represent /
- \. means dot. Dot . is also a reserved character, hence need to put \ before it
- [\w\/\.] means find characters that match A-Z, a-z, 0-9, _, /, .
-
- means indicates one or more occurrences of the preceding element
Therefore, [\w\/\.]+ means find strings match one or more occurrences of ( A-Z, a-z, 0-9, _, /, . ).