Release Notes and Announcements

Release Notes

Security Announcement

Announcements

Product Introduction

Overview

Strengths

Use Cases

Comparison Between EdgeOne and CDN Products

Use Limits

Purchase Guide

Description of Trial Plan Experience Benefits

Free Plan Guide

Billing Overview

Billing Items

Subscriptions

Renewals

Instructions for overdue and refunds

Comparison of EdgeOne Plans

About "clean traffic" billing instructions

DDoS Protection Capacity Description

Getting Started

Choose business scenario

Quick access to website security acceleration

Quick deploying a website with Pages

Domain Service&Origin Configuration

Domain Service

HTTPS Certificate

Origin Configuration

Site Acceleration

Overview

Access Control

Smart Acceleration

Cache Configuration

File Optimization

Network Optimization

URL Rewrite

Modifying Header

Modify the response content

Rule Engine

Image&Video Processing

Speed limit for single connection download

DDoS & Web Protection

Overview

DDoS Protection

Web Protection

Bot Management

API Discovery（Beta）

Edge Functions

Overview

Getting Started

Operation Guide

Runtime APIs

Sample Functions

Best Practices

Pages

L4 Proxy

Overview

Creating an L4 Proxy Instance

Modifying an L4 Proxy Instance

Disabling or Deleting an L4 Proxy Instance

Batch Configuring Forwarding Rules

Obtaining Real Client IPs

Data Analysis&Log Service

Log Service

Data Analysis

Alarm Service

Site and Billing Management

Billing Management

Site Management

Version Management

General Policy

General Reference

Configuration Syntax

Request and Response Actions

Country/region and Corresponding Codes

Terraform

Overview

Installing and Configuring Terraform

Practical Tutorial

EdgeOne Skill User Guide

Automatic Warm-up/Cache Purge

Resource Abuse/hotlinking Protection Practical

HTTPS Related Practices

Acceleration Optimization

Scheduling Traffic

Data Analysis and Alerting

Log Platform Integration Practices

Configuring Origin Servers for Cloud Object Storage (Such As COS)

CORS Response Configuration

API Documentation

History

Introduction

API Category

Making API Requests

Site APIs

Acceleration Domain Management APIs

Site Acceleration Configuration APIs

Edge Function APIs

Alias Domain APIs

Security Configuration APIs

Layer 4 Application Proxy APIs

Content Management APIs

Data Analysis APIs

Log Service APIs

Billing APIs

Certificate APIs

Origin Protection APIs

Load Balancing APIs

Diagnostic Tool APIs

Custom Response Page APIs

API Security APIs

DNS Record APIs

Content Identifier APIs

Legacy APIs

Ownership APIs

Image and Video Processing APIs

Multi-Channel Security Gateway APIs

Version Management APIs

Data Types

Error Codes

FAQs

Product Features FAQs

DNS Record FAQs

Domain Configuration FAQs

Site Acceleration FAQs

Data and Log FAQs

Security Protection-related Queries

Origin Configuration FAQs

Troubleshooting

Reference for Abnormal Status Codes

Troubleshooting Guide for EdgeOne 4XX/5XX Status Codes

520/524 Status Code Troubleshooting Guide

521/522 Status Code Troubleshooting Guide

Tool Guide

Agreements

Service Level Agreement

Origin Protection Enablement Conditions of Use

TEO Policy

Data Processing And Security Agreement

Glossary

Match Condition

PDF

Focus Mode

Font Size

Last updated: 2025-10-15 16:36:28

Overview
Web Protection function is implemented by matching different conditions of requests. The following provides a detailed introduction to various matching condition options, matching condition descriptions, and related configuration methods and limitations.
Using Matching Conditions
You can use the matching conditions of the rule to specify the effective scope of the rule, and control the effective scope of protection exception rules, custom rules, rate limiting, and custom bot rules.
Note:
When multiple matching conditions are configured, the rule takes effect only when all matching conditions are satisfied.
Matching Methods
When the matching field and matching content meet the requirements of the matching method, the matching condition is satisfied.
 Note:
For the request header matching fields (such as Referer header and custom headers), if the matching methods such as equal to, not equal to, include, exclude, wildcard matching, wildcard mismatch, and regular expression matching are used, the matching condition can be satisfied only when the header exists and is not empty.
Matching Method
Description
Equal to (in the list)
 The matching content  list contains the full string of the matching field, which is case-insensitive.
The matching content can be configured with multiple values. When the matching field matches any value, the matching condition is satisfied.
Not equal to (not in the list)
 The matching content  list does not contain the full string of the matching field , which is case-insensitive.
The matching content can be configured with multiple values. When the matching field matches none of the values, the matching condition is satisfied.
Include (keyword)
 The matching field  string contains any full string included in the  matching content  list, which is case-insensitive.
The matching content can be configured with multiple values. When any value does appear in the matching field, the matching condition is satisfied.
Exclude (keyword)
 The matching field  string does not contain any full string included in the  matching content  list, which is case-insensitive.
The matching content can be configured with multiple values. When all values do not appear in the matching field, the matching condition is satisfied.
Wildcard matching
 The matching content  list contains a string for wildcard matching of the  matching field, which is case-insensitive. The supported wildcard characters include:
Asterisk * : Matches zero or multiple characters.
Question mark ? : Matches one character.
The matching content can be configured with multiple wildcard expressions. When the matching field matches any wildcard expression, the matching condition is satisfied.
When the matching content does not contain a wildcard, exact matching is used to judge the matching field.
Wildcard mismatch
 The matching content  list does not contain a string for wildcard matching of the  matching field, which is case-insensitive. The supported wildcard characters include:
Asterisk * : Matches zero or multiple characters.
Question mark ? : Matches one character.
The matching content can be configured with multiple wildcard expressions. When the matching field matches none of the wildcard expressions, the matching condition is satisfied.
When the matching content does not contain a wildcard, exact matching is used to judge the matching field.
Length greater than
 The matching field  exists and the data length (calculated by the number of characters in the string) is greater than the specified length.
Length less than
 The matching field  exists and the data length (calculated by the number of characters in the string) is less than the specified length.
Content is empty
 The matching field  exists and is an empty string.
Not exist
 The matching field  does not exist.
Regular expression matching
 The matching field  data can match the regular expression in the  matching content .
Matching Condition Options and Descriptions
Note:
1. The supported matching conditions vary depending on the rule type and the EdgeOne plan you have subscribed to. For support details, refer to the Comparison among EdgeOne Plans.
2. In all the matching content of a single rule, the total number of the matching items should not exceed 128 (including the matching conditions that require matching multiple values simultaneously).
Match Condition options
Match Condition descriptions
Request Client IP
Match the source IP address of the request. Supports matching based on Region, ASN, IP, and CIDR Block.
When using Match, not match logical symbol options, you can match Client IP, CIDR Block, and IP grouping.
A single match condition can configure up to 8 IP groupings.
When using Region inclusion, Region exclusion logical symbol options, you can match the Region of the Client IP.
When using ASN affiliation, ASN affiliation not equal to logical symbol options, you can match the BGP autonomous system number (ASN) to which the Client IP belongs.
Request Client IP (Prioritize matching XFF Header)
When the request carries a valid XFF (X-Forwarded-For) Header, match the first IP in the XFF Header; otherwise, match the source IP address of the request.
When using Match, not match logical symbol options, you can match Client IP, CIDR Block, and IP grouping.
A single match condition can configure up to 8 IP groupings.
When using Region inclusion, Region exclusion logical symbol options, you can match the Region of the Client IP.
When using ASN affiliation, ASN affiliation not equal to logical symbol options, you can match the BGP autonomous system number (ASN) to which the Client IP belongs.
Custom request header
Match the specified header of the request, providing additional parameter options to match the header value of a specific name.
Case insensitive.
Supports equal to, not equal to, include, exclude, wildcard matching, wildcard mismatch, length greater than, length less than, content is empty, no existing, regular expression match.
Request URL
Match the request URL. For example: /example.html?region=cn .
Case insensitive.
Exclude Hostname
Include URL query parameters
Supports equal to, not equal to, include, exclude, wildcard matching, wildcard mismatch, length greater than, length less than, content is empty, no existing, regular expression match.
Request Source (Referer Header)
Match the request's Referer header.
Case insensitive.
Supports equal to, not equal to, include, exclude, wildcard matching, wildcard mismatch, length greater than, length less than, content is empty, no existing, regular expression match.
Request content type (Accept Header)
Match the request's Accept header.
Case insensitive.
Supports equal to, not equal to, include, exclude, wildcard matching, wildcard mismatch, length greater than, length less than, content is empty, no existing, regular expression match.
Request Path
Match the request URL's path section. For example: /example.html or /api/v2/login.
Hostname is not included.
Query parameters are not included.
Case insensitive.
Request Method
Method for matching requests.
Case insensitive.
Supports multiple selections: GET, POST, HEAD, PUT, DELETE, TRACE, OPTIONS, CONNECT.
Request Cookie
Matches specified request Cookie header parameter values. Cookie parameter name must be specified.
Case insensitive.
Supports equal to, not equal to, include, exclude, wildcard matching, wildcard mismatch, length greater than, length less than, content is empty, no existing, regular expression match.
XFF extended headers
Match the request's XFF (X-Forwarded-For) header.
Case insensitive.
Supports equal to, not equal to, include, exclude, wildcard matching, wildcard mismatch, length greater than, length less than, content is empty, no existing, regular expression match.
Network layer protocol
Match the type of IP protocol used in the request.
Support multiple selections: IPv4, IPv6.
Application layer protocol
Match the application layer protocol used in the request.
Support multiple selections: HTTP, HTTPS.
Response status code
Match the HTTP status code of the response.
Only support rate limiting; configuration is supported when selecting based on response statistics.
Supports matching up to 20 status codes simultaneously.
Request body
Match the body of the request.
Only supports matching the first 8 KB data of the request body.
﻿

Help and Support

Was this page helpful?

You can also Contact sales or Submit a Ticket for help.

Help us improve! Rate your documentation experience in 5 mins.

Feedback

tencent cloud

Tencent Cloud EdgeOne

Match Condition

Overview

Using Matching Conditions

Matching Methods

Matching Condition Options and Descriptions

Help and Support

Matching Method	Description
Equal to (in the list)	The matching content list contains the full string of the matching field, which is case-insensitive. The matching content can be configured with multiple values. When the matching field matches any value, the matching condition is satisfied.
Not equal to (not in the list)	The matching content list does not contain the full string of the matching field , which is case-insensitive. The matching content can be configured with multiple values. When the matching field matches none of the values, the matching condition is satisfied.
Include (keyword)	The matching field string contains any full string included in the matching content list, which is case-insensitive. The matching content can be configured with multiple values. When any value does appear in the matching field, the matching condition is satisfied.
Exclude (keyword)	The matching field string does not contain any full string included in the matching content list, which is case-insensitive. The matching content can be configured with multiple values. When all values do not appear in the matching field, the matching condition is satisfied.
Wildcard matching	The matching content list contains a string for wildcard matching of the matching field, which is case-insensitive. The supported wildcard characters include: Asterisk `*` : Matches zero or multiple characters. Question mark `?` : Matches one character. The matching content can be configured with multiple wildcard expressions. When the matching field matches any wildcard expression, the matching condition is satisfied. When the matching content does not contain a wildcard, exact matching is used to judge the matching field.
Wildcard mismatch	The matching content list does not contain a string for wildcard matching of the matching field, which is case-insensitive. The supported wildcard characters include: Asterisk `*` : Matches zero or multiple characters. Question mark `?` : Matches one character. The matching content can be configured with multiple wildcard expressions. When the matching field matches none of the wildcard expressions, the matching condition is satisfied. When the matching content does not contain a wildcard, exact matching is used to judge the matching field.
Length greater than	The matching field exists and the data length (calculated by the number of characters in the string) is greater than the specified length.
Length less than	The matching field exists and the data length (calculated by the number of characters in the string) is less than the specified length.
Content is empty	The matching field exists and is an empty string.
Not exist	The matching field does not exist.
Regular expression matching	The matching field data can match the regular expression in the matching content .

Match Condition options	Match Condition descriptions
Request Client IP	Match the source IP address of the request. Supports matching based on Region, ASN, IP, and CIDR Block. When using `Match`, `not match` logical symbol options, you can match Client IP, CIDR Block, and IP grouping. A single match condition can configure up to 8 IP groupings. When using `Region inclusion`, `Region exclusion` logical symbol options, you can match the Region of the Client IP. When using `ASN affiliation`, `ASN affiliation not equal to` logical symbol options, you can match the BGP autonomous system number (ASN) to which the Client IP belongs.
Request Client IP (Prioritize matching XFF Header)	When the request carries a valid XFF (X-Forwarded-For) Header, match the first IP in the XFF Header; otherwise, match the source IP address of the request. When using `Match`, `not match` logical symbol options, you can match Client IP, CIDR Block, and IP grouping. A single match condition can configure up to 8 IP groupings. When using `Region inclusion`, `Region exclusion` logical symbol options, you can match the Region of the Client IP. When using `ASN affiliation`, `ASN affiliation not equal to` logical symbol options, you can match the BGP autonomous system number (ASN) to which the Client IP belongs.
Custom request header	Match the specified header of the request, providing additional parameter options to match the header value of a specific name. Case insensitive. Supports equal to, not equal to, include, exclude, wildcard matching, wildcard mismatch, length greater than, length less than, content is empty, no existing, regular expression match.
Request URL	Match the request URL. For example: /example.html?region=cn . Case insensitive. Exclude Hostname Include URL query parameters Supports equal to, not equal to, include, exclude, wildcard matching, wildcard mismatch, length greater than, length less than, content is empty, no existing, regular expression match.
Request Source (Referer Header)	Match the request's Referer header. Case insensitive. Supports equal to, not equal to, include, exclude, wildcard matching, wildcard mismatch, length greater than, length less than, content is empty, no existing, regular expression match.
Request content type (Accept Header)	Match the request's Accept header. Case insensitive. Supports equal to, not equal to, include, exclude, wildcard matching, wildcard mismatch, length greater than, length less than, content is empty, no existing, regular expression match.
Request Path	Match the request URL's path section. For example: /example.html or /api/v2/login. Hostname is not included. Query parameters are not included. Case insensitive.
Request Method	Method for matching requests. Case insensitive. Supports multiple selections: GET, POST, HEAD, PUT, DELETE, TRACE, OPTIONS, CONNECT.
Request Cookie	Matches specified request Cookie header parameter values. Cookie parameter name must be specified. Case insensitive. Supports equal to, not equal to, include, exclude, wildcard matching, wildcard mismatch, length greater than, length less than, content is empty, no existing, regular expression match.
XFF extended headers	Match the request's XFF (X-Forwarded-For) header. Case insensitive. Supports equal to, not equal to, include, exclude, wildcard matching, wildcard mismatch, length greater than, length less than, content is empty, no existing, regular expression match.
Network layer protocol	Match the type of IP protocol used in the request. Support multiple selections: IPv4, IPv6.
Application layer protocol	Match the application layer protocol used in the request. Support multiple selections: HTTP, HTTPS.
Response status code	Match the HTTP status code of the response. Only support rate limiting; configuration is supported when selecting based on response statistics. Supports matching up to 20 status codes simultaneously.
Request body	Match the body of the request. Only supports matching the first 8 KB data of the request body.