Skip to main content

Match Conditions

Match conditions determine when rules should be executed. They provide a flexible system for targeting specific requests based on various attributes like headers, paths, IP addresses, and more.

Overview

Control how conditions are evaluated with three logical operators:

Match Operators

Choose how multiple conditions should be combined in your matching logic

matchAllAND

ALL conditions must match for the rule to apply

Schema →
matchAnyOR

ANY condition must match for the rule to apply

Schema →
matchNoneNOT

NO conditions must match for the rule to apply

Schema →

Condition Types

Every condition supports negation by prefixing the condition name with !. For example, paths matches requests that hit the given paths, while !paths matches requests that do not:

Positive
{ "paths": ["/api/*"] }
Negated
{ "!paths": ["/api/*"] }
Search Conditions
37 conditions available

Paths

Match against request URLs using various strategies from exact matches to wildcard patterns.

Basic Path Matching

Match exact paths for specific endpoints.
JSON
{
  "paths": [
    "/api/*",
    "/v2/users/*"
  ]
}
Negate with ! !paths to match requests that do not match these values

Path Prefix Matching

Match all paths that start with specific prefixes.
JSON
{
  "paths_startswith": [
    "/api/",
    "/admin/"
  ]
}
Negate with ! !paths_startswith to match requests that do not match these values

Exact Path Matching

Match only the exact full path.
JSON
{
  "paths_full": [
    "/health",
    "/status"
  ]
}
Negate with ! !paths_full to match requests that do not match these values

Wildcard Path Matching

Use wildcards for pattern-based path matching.
JSON
{
  "paths_wildcard": [
    "/api/*/users",
    "/files/*.jpg"
  ]
}
Negate with ! !paths_wildcard to match requests that do not match these values

Headers

Match against HTTP request and response headers with multiple matching strategies for flexible header-based routing.

Basic Header Matching

Match specific header values exactly.
JSON
{
  "reqheader": {
    "User-Agent": [
      "mobile-app",
      "desktop-app"
    ],
    "Accept-Language": [
      "en-US",
      "en-GB"
    ]
  }
}
Negate with ! !reqheader to match requests that do not match these values

Header Value Matching

Alternative syntax for header value matching.
JSON
{
  "reqheader_values": {
    "Authorization": [
      "Bearer abc123"
    ],
    "X-API-Key": [
      "key1",
      "key2"
    ]
  }
}
Negate with ! !reqheader_values to match requests that do not match these values

Header Prefix Matching

Match headers that start with specific values.
JSON
{
  "reqheader_startswith_values": {
    "User-Agent": [
      "Mozilla/",
      "Chrome/"
    ],
    "X-Forwarded-For": [
      "192.168."
    ]
  }
}
Negate with ! !reqheader_startswith_values to match requests that do not match these values

Header Wildcard Matching

Use wildcards for flexible header pattern matching.
JSON
{
  "reqheader_wildcard_values": {
    "User-Agent": [
      "*mobile*",
      "*tablet*"
    ],
    "Accept": [
      "image/*"
    ]
  }
}
Negate with ! !reqheader_wildcard_values to match requests that do not match these values

Exact Header Matching

Match headers with exact full values.
JSON
{
  "reqheader_full_values": {
    "Content-Type": [
      "application/json"
    ],
    "X-Requested-With": [
      "XMLHttpRequest"
    ]
  }
}
Negate with ! !reqheader_full_values to match requests that do not match these values

Basic Response Header Matching

Match specific response header values exactly.
JSON
{
  "respheader": {
    "Content-Encoding": [
      "gzip"
    ],
    "Server": [
      "AkamaiNetstorage"
    ]
  }
}
Negate with ! !respheader to match requests that do not match these values

Response Header Value Matching

Alternative syntax for response header value matching.
JSON
{
  "respheader_values": {
    "Server": [
      "AkamaiNetstorage"
    ],
    "Content-Type": [
      "text/html"
    ]
  }
}
Negate with ! !respheader_values to match requests that do not match these values

Response Header Prefix Matching

Match response headers that start with specific values.
JSON
{
  "respheader_startswith_values": {
    "content-type": [
      "text/"
    ]
  }
}
Negate with ! !respheader_startswith_values to match requests that do not match these values

Response Header Wildcard Matching

Use wildcards for flexible response header pattern matching.
JSON
{
  "respheader_wildcard_values": {
    "Server": [
      "*aws*"
    ]
  }
}
Negate with ! !respheader_wildcard_values to match requests that do not match these values

Exact Response Header Matching

Match response headers with exact full values.
JSON
{
  "respheader_full_values": {
    "Content-Type": [
      "application/json"
    ],
    "X-Requested-With": [
      "XMLHttpRequest"
    ]
  }
}
Negate with ! !respheader_full_values to match requests that do not match these values

Query Parameters

Match against URL query parameters for dynamic request routing and processing.

Query Parameter Existence

Check if specific query parameters are present.
JSON
{
  "query_exists": [
    "debug",
    "preview"
  ]
}
Negate with ! !query_exists to match requests that do not match these values

Query Parameter Values

Match specific values of query parameters.
JSON
{
  "query_values": {
    "version": [
      "v1",
      "v2"
    ],
    "format": [
      "json",
      "xml"
    ]
  }
}
Negate with ! !query_values to match requests that do not match these values

Query Wildcard Matching

Use wildcards for flexible query parameter matching.
JSON
{
  "query_wildcard_values": {
    "search": [
      "*product*"
    ],
    "category": [
      "electronics*"
    ]
  }
}
Negate with ! !query_wildcard_values to match requests that do not match these values

Exact Query Parameter Matching

Match requests with exact query parameter values.
JSON
{
  "query_full_values": {
    "version": [
      "v1.0"
    ],
    "format": [
      "json",
      "xml"
    ]
  }
}
Negate with ! !query_full_values to match requests that do not match these values

Query Parameter Prefix Matching

Match requests where query value starts with a value.
JSON
{
  "query_startswith_values": {
    "category": [
      "tech",
      "news"
    ],
    "tag": [
      "featured"
    ]
  }
}
Negate with ! !query_startswith_values to match requests that do not match these values

Query Parameter Map Matching

Match query parameters using key-value maps for complex query string patterns.
JSON
{
  "query": {
    "action": [
      "view",
      "edit"
    ],
    "format": [
      "json"
    ]
  }
}
Negate with ! !query to match requests that do not match these values

Geographic Matching

Match requests based on client geographic location using country, region, continent, and city codes.

Geographic Country Matching

Match requests based on client country codes using ISO 3166-1 alpha-2 format (e.g., US, GB, JP). Property Reference | Download Country Codes
Also known as: geo_country
JSON
{
  "geo": [
    "US",
    "CA",
    "GB"
  ]
}
Negate with ! !geo to match requests that do not match these values

Geographic Region-Based Matching

Match requests from specific regions using ISO 3166-2 two-letter codes (e.g., MA, CA, TX). Property Reference | Download Region Codes
Also known as: geo_region
Note
geo_region can be used as a match condition, but NOT an interpolation variable. Use {{region}} for interpolations.
JSON
{
  "region": [
    "BY",
    "IL",
    "NY"
  ]
}
Negate with ! !region to match requests that do not match these values

Geographic Continent-Based Matching

Match requests from specific continents using two-letter codes (e.g., NA, EU, AS). Property Reference | Download Continent Codes
Also known as: geo_continent
Note
geo_continent can be used as a match condition, but NOT an interpolation variable. Use {{continent}} for interpolations.
JSON
{
  "continent": [
    "NA",
    "EU"
  ]
}
Negate with ! !continent to match requests that do not match these values

Geographic City-Based Matching

Match requests from specific cities. City names are uppercase (e.g., LONDON, NEW YORK). Property Reference | Download City Codes
Also known as: geo_city
Note
geo_city can be used as a match condition, but NOT an interpolation variable. Use {{city}} for interpolations.
JSON
{
  "city": [
    "MUNICH",
    "CHICAGO"
  ]
}
Negate with ! !city to match requests that do not match these values

IP & ASN Matching

Match requests based on client IP addresses (IPv4/IPv6) and Autonomous System Numbers.

ASN Matching

Matches requests based on the Autonomous System Number (ASN) of the client's IP address.
JSON
{
  "asn": [
    16509,
    8075,
    13335
  ]
}
Negate with ! !asn to match requests that do not match these values

ASN Exact Matching

Match requests based on exact Autonomous System Number equality.
JSON
{
  "asn_equals": [
    "16509",
    "15169",
    "32934"
  ]
}
Negate with ! !asn_equals to match requests that do not match these values

IPv4 Matching

Match specific IPv4 addresses or CIDR blocks.
JSON
{
  "ipv4": [
    "192.0.2.100",
    "198.51.100.0/24",
    "203.0.113.0/24"
  ]
}
Negate with ! !ipv4 to match requests that do not match these values

IPv6 Matching

Match IPv6 addresses with full address or CIDR notation.
JSON
{
  "ipv6": [
    "2001:db8::1",
    "2001:db8::/32"
  ]
}
Negate with ! !ipv6 to match requests that do not match these values

Match requests based on cookie names using exact, prefix, or wildcard patterns.

Request Properties

Match requests based on HTTP method, protocol scheme, and file extension.

HTTP Method Matching

Target specific HTTP methods.
JSON
{
  "method": [
    "GET",
    "POST",
    "PUT"
  ]
}
Negate with ! !method to match requests that do not match these values

Protocol/Scheme Matching

Match requests based on protocol (HTTP/HTTPS).
Also known as: scheme
JSON
{
  "protocol": [
    "https"
  ]
}
Negate with ! !protocol to match requests that do not match these values

URL Scheme Matching

Match requests based on URL scheme (http, https, or other protocols).
Also known as: protocol
JSON
{
  "scheme": [
    "https"
  ]
}
Negate with ! !scheme to match requests that do not match these values

File Extension Matching

Match requests based on file extensions.
JSON
{
  "extension": [
    "jpg",
    "png",
    "gif",
    "webp"
  ]
}
Negate with ! !extension to match requests that do not match these values

Response Properties

Match based on response properties such as origin timeout status. Available in response match conditions only (onClientResponse, onOriginResponse).

Origin Timeout Matching

Match responses based on whether the origin connection has timed out. Available in response match conditions only (onClientResponse, onOriginResponse).
JSON
{
  "origin_timeout": true
}
Negate with ! !origin_timeout to match requests that do not match these values

Response Status Code Matching

Match responses based on HTTP status codes. Supports exact codes (500), ranges (502-504), and classes (5xx). Available in response match conditions only (onClientResponse, onOriginResponse).
JSON
{
  "status": [
    500,
    "502-504",
    "5xx"
  ]
}
Negate with ! !status to match requests that do not match these values