All of the examples here https://developers.cloudflare.com/waf/rate-limiting-rules/use-cases/ use URI PATH. When is it appropriate to use 1, 2, or 4? Is there any documentation?
There are docs for the various fields here: Fields reference · Cloudflare Ruleset Engine docs
Although not all of them can be used in Rate Limiting. There are examples under each of them when you select them in the Expression Builder as well.
If your URL is https://cloudflare.com/free-cookies?code=C7K543
Your URI is: /free-cookies?code=C7K543
Your URI Full is: https://cloudflare.com/free-cookies?code=C7K543
Your URI Query String is: code=C7K543
(notably, excluding the ? delimiter)
When is it appropriate to use each? Some people may like using URI or URI Full because it’s easier to see what it should be or something. Personally, I think it’s best to break down a rule as far as possible. A usual rate limiting rule may be something like
Hostname eq api.example.com and URI Path eq /v1/user/login
Matching on hostname (so it only affects the api subdomain) and on Path. It doesn’t matter what the query string is. If you need to match a query string, you can use URI Query String with contains/matches, or you can use the Edit Expression button and make more complex expressions, like
any(http.request.uri.args["include"][*] == "full_images")
Do any of the query args named include have a value of full_images
http.request.uri.args["include"][0] == "full_images"
Does the first include (if any exist) have a value of full_images
Breaking down a rule as far as possible also lets you do more complex things like "is in" using the Visual Expression Editor. You can say hostname is in <any one of a number of hostnames> or path is in <any one of a number of paths>. Lets you save on rules as well.
The Ruleset Engine is pretty flexible. There are often fields that aren’t in the visual editor that you can use in custom expressions if needed:
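
Added example (not part of the original posts, and not Cloudflare's code): a Python sketch that splits a URL into the fields discussed in the answer above and evaluates its rules against them, including a rule on the whole URI for comparison. The dictionary keys are the Ruleset Engine field names; the helper function names and the api.example.com sample URL are constructed for illustration, and urllib's parsing only approximates what Cloudflare does at the edge.

```python
from urllib.parse import urlsplit, parse_qs

def ruleset_fields(url):
    """Approximate the URI-related Ruleset Engine fields for one request URL."""
    p = urlsplit(url)
    return {
        "http.host": p.hostname,                                      # Hostname
        "http.request.full_uri": url,                                 # URI Full
        "http.request.uri": p.path + ("?" + p.query if p.query else ""),  # URI
        "http.request.uri.path": p.path,                              # URI Path
        "http.request.uri.query": p.query,                            # URI Query String (no "?")
        # Map of argument name -> list of values, in order of appearance
        "http.request.uri.args": parse_qs(p.query, keep_blank_values=True),
    }

def login_rule(f):
    # Hostname eq api.example.com and URI Path eq /v1/user/login
    return (f["http.host"] == "api.example.com"
            and f["http.request.uri.path"] == "/v1/user/login")

def uri_only_rule(f):
    # URI eq /v1/user/login : stops matching as soon as any query string is present
    return f["http.request.uri"] == "/v1/user/login"

def any_include_full_images(f):
    # any(http.request.uri.args["include"][*] == "full_images")
    values = f["http.request.uri.args"].get("include", [])
    return any(v == "full_images" for v in values)

def first_include_full_images(f):
    # http.request.uri.args["include"][0] == "full_images"
    values = f["http.request.uri.args"].get("include", [])
    return bool(values) and values[0] == "full_images"

if __name__ == "__main__":
    # Constructed sample requests
    for url in (
        "https://cloudflare.com/free-cookies?code=C7K543",
        "https://api.example.com/v1/user/login",
        "https://api.example.com/v1/user/login?include=thumbs&include=full_images",
    ):
        f = ruleset_fields(url)
        print(url)
        print("  uri   =", f["http.request.uri"])
        print("  path  =", f["http.request.uri.path"])
        print("  query =", f["http.request.uri.query"])
        print("  login_rule =", login_rule(f), "| uri_only_rule =", uri_only_rule(f))
        print("  any include =", any_include_full_images(f),
              "| first include =", first_include_full_images(f))
```

The third sample shows why the path-based rule is the sturdier choice for rate limiting: it still matches when a query string is appended, while the rule on the whole URI does not.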