Match Conditions
Match conditions determine when rules should be executed. They provide a flexible system for targeting specific requests based on various attributes like headers, paths, IP addresses, and more.
Overview
Control how conditions are evaluated with three logical operators:
Match Operators
Choose how multiple conditions should be combined in your matching logic
Condition Types
Every condition supports negation by prefixing the condition name with !. For example, paths matches requests that hit the given paths, while !paths matches requests that do not:
Paths
Match against request URLs using various strategies from exact matches to wildcard patterns.
Basic Path Matching
{
"paths": [
"/api/*",
"/v2/users/*"
]
}!paths to match requests that do not match these valuesPath Prefix Matching
{
"paths_startswith": [
"/api/",
"/admin/"
]
}!paths_startswith to match requests that do not match these valuesExact Path Matching
{
"paths_full": [
"/health",
"/status"
]
}!paths_full to match requests that do not match these valuesWildcard Path Matching
{
"paths_wildcard": [
"/api/*/users",
"/files/*.jpg"
]
}!paths_wildcard to match requests that do not match these valuesHeaders
Match against HTTP request and response headers with multiple matching strategies for flexible header-based routing.
Basic Header Matching
{
"reqheader": {
"User-Agent": [
"mobile-app",
"desktop-app"
],
"Accept-Language": [
"en-US",
"en-GB"
]
}
}!reqheader to match requests that do not match these valuesHeader Value Matching
{
"reqheader_values": {
"Authorization": [
"Bearer abc123"
],
"X-API-Key": [
"key1",
"key2"
]
}
}!reqheader_values to match requests that do not match these valuesHeader Prefix Matching
{
"reqheader_startswith_values": {
"User-Agent": [
"Mozilla/",
"Chrome/"
],
"X-Forwarded-For": [
"192.168."
]
}
}!reqheader_startswith_values to match requests that do not match these valuesHeader Wildcard Matching
{
"reqheader_wildcard_values": {
"User-Agent": [
"*mobile*",
"*tablet*"
],
"Accept": [
"image/*"
]
}
}!reqheader_wildcard_values to match requests that do not match these valuesExact Header Matching
{
"reqheader_full_values": {
"Content-Type": [
"application/json"
],
"X-Requested-With": [
"XMLHttpRequest"
]
}
}!reqheader_full_values to match requests that do not match these valuesBasic Response Header Matching
{
"respheader": {
"Content-Encoding": [
"gzip"
],
"Server": [
"AkamaiNetstorage"
]
}
}!respheader to match requests that do not match these valuesResponse Header Value Matching
{
"respheader_values": {
"Server": [
"AkamaiNetstorage"
],
"Content-Type": [
"text/html"
]
}
}!respheader_values to match requests that do not match these valuesResponse Header Prefix Matching
{
"respheader_startswith_values": {
"content-type": [
"text/"
]
}
}!respheader_startswith_values to match requests that do not match these valuesResponse Header Wildcard Matching
{
"respheader_wildcard_values": {
"Server": [
"*aws*"
]
}
}!respheader_wildcard_values to match requests that do not match these valuesExact Response Header Matching
{
"respheader_full_values": {
"Content-Type": [
"application/json"
],
"X-Requested-With": [
"XMLHttpRequest"
]
}
}!respheader_full_values to match requests that do not match these valuesQuery Parameters
Match against URL query parameters for dynamic request routing and processing.
Query Parameter Existence
{
"query_exists": [
"debug",
"preview"
]
}!query_exists to match requests that do not match these valuesQuery Parameter Values
{
"query_values": {
"version": [
"v1",
"v2"
],
"format": [
"json",
"xml"
]
}
}!query_values to match requests that do not match these valuesQuery Wildcard Matching
{
"query_wildcard_values": {
"search": [
"*product*"
],
"category": [
"electronics*"
]
}
}!query_wildcard_values to match requests that do not match these valuesExact Query Parameter Matching
{
"query_full_values": {
"version": [
"v1.0"
],
"format": [
"json",
"xml"
]
}
}!query_full_values to match requests that do not match these valuesQuery Parameter Prefix Matching
{
"query_startswith_values": {
"category": [
"tech",
"news"
],
"tag": [
"featured"
]
}
}!query_startswith_values to match requests that do not match these valuesQuery Parameter Map Matching
{
"query": {
"action": [
"view",
"edit"
],
"format": [
"json"
]
}
}!query to match requests that do not match these valuesGeographic Matching
Match requests based on client geographic location using country, region, continent, and city codes.
Geographic Country Matching
geo_country{
"geo": [
"US",
"CA",
"GB"
]
}!geo to match requests that do not match these valuesGeographic Region-Based Matching
geo_region{
"region": [
"BY",
"IL",
"NY"
]
}!region to match requests that do not match these valuesGeographic Continent-Based Matching
geo_continent{
"continent": [
"NA",
"EU"
]
}!continent to match requests that do not match these valuesGeographic City-Based Matching
geo_city{
"city": [
"MUNICH",
"CHICAGO"
]
}!city to match requests that do not match these valuesIP & ASN Matching
Match requests based on client IP addresses (IPv4/IPv6) and Autonomous System Numbers.
ASN Matching
{
"asn": [
16509,
8075,
13335
]
}!asn to match requests that do not match these valuesASN Exact Matching
{
"asn_equals": [
"16509",
"15169",
"32934"
]
}!asn_equals to match requests that do not match these valuesIPv4 Matching
{
"ipv4": [
"192.0.2.100",
"198.51.100.0/24",
"203.0.113.0/24"
]
}!ipv4 to match requests that do not match these valuesIPv6 Matching
{
"ipv6": [
"2001:db8::1",
"2001:db8::/32"
]
}!ipv6 to match requests that do not match these valuesCookie Matching
Match requests based on cookie names using exact, prefix, or wildcard patterns.
Cookie Name Matching
{
"cookie_name": [
"session_id",
"user_pref"
]
}!cookie_name to match requests that do not match these valuesCookie Name Prefix
{
"cookie_name_startswith": [
"sess_",
"temp_"
]
}!cookie_name_startswith to match requests that do not match these valuesCookie Name Wildcards
{
"cookie_name_wildcard": [
"*_session",
"user_*"
]
}!cookie_name_wildcard to match requests that do not match these valuesRequest Properties
Match requests based on HTTP method, protocol scheme, and file extension.
HTTP Method Matching
{
"method": [
"GET",
"POST",
"PUT"
]
}!method to match requests that do not match these valuesProtocol/Scheme Matching
scheme{
"protocol": [
"https"
]
}!protocol to match requests that do not match these valuesURL Scheme Matching
protocol{
"scheme": [
"https"
]
}!scheme to match requests that do not match these valuesFile Extension Matching
{
"extension": [
"jpg",
"png",
"gif",
"webp"
]
}!extension to match requests that do not match these valuesResponse Properties
Match based on response properties such as origin timeout status. Available in response match conditions only (onClientResponse, onOriginResponse).
Origin Timeout Matching
{
"origin_timeout": true
}!origin_timeout to match requests that do not match these valuesResponse Status Code Matching
{
"status": [
500,
"502-504",
"5xx"
]
}!status to match requests that do not match these values