I need some guidance about when to use
- URI FULL
- URI PATH
- URI Query String
All of the examples here https://developers.cloudflare.com/waf/rate-limiting-rules/use-cases/ use URI PATH. When is it appropriate to use 1, 2, or 4? Is there any documentation?
There are docs for the various fields here: Fields reference · Cloudflare Ruleset Engine docs
Although you can't use all of them in Rate Limiting. There are examples under each of them when you select them in the Expression Builder as well.
If your URL is
Your URI is:
Your URI Full is:
Your URI Query String is:
(notably, excluding the ? delimiter)
When is it appropriate to use each? Some people may like using URI or URI Full because it’s easier to see what it should be or something. Personally, I think it’s best to break down a rule as far as possible. A usual rate limiting rule may be something like
Hostname eq api.example.com
URI Path eq /v1/user/login
Matching on hostname (so it only affects the api subdomain) and on Path. It doesn't matter what the query string is. If you need to match a query string, you can use URI Query String with contains/matches, or you can use the Edit Expression button and make more complex expressions, like
any(http.request.uri.args["include"][*] == "full_images"): Do any of the query args named include have a value of
http.request.uri.args["include"][0] == "full_images": Does the first include (if any exist) have a value of
Breaking down a rule as far as possible also lets you do more complex things like is in using the Visual Expression Editor. You can say hostname is in <any one of a number of hostnames> or path is in <any one of a number of paths>. Lets you save on rules as well.
The Ruleset Engine is pretty flexible. There are often fields that aren’t in the visual editor that you can use in custom expressions if needed:
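How one request URL splits into the fields discussed in this thread, and how the hostname-plus-path rule and the two query-argument checks behave on it. This is an added example, not part of the original posts or Cloudflare's code: the URL is constructed, the Python helper names are hypothetical, and the argument parsing is a simplified approximation (no percent-decoding).

```python
from urllib.parse import urlsplit

def ruleset_fields(url):
    """Approximate the Ruleset Engine fields for one request URL."""
    parts = urlsplit(url)
    args = {}
    for pair in parts.query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            args.setdefault(name, []).append(value)  # repeated names keep every value
    uri = parts.path + ("?" + parts.query if parts.query else "")
    return {
        "http.host": parts.hostname,                                    # Hostname
        "http.request.full_uri": f"{parts.scheme}://{parts.netloc}{uri}",  # URI Full
        "http.request.uri": uri,                                        # URI
        "http.request.uri.path": parts.path,                            # URI Path
        "http.request.uri.query": parts.query,                          # URI Query String, no "?"
        "http.request.uri.args": args,
    }

def login_rule_matches(fields):
    # Hostname eq api.example.com and URI Path eq /v1/user/login
    return (fields["http.host"] == "api.example.com"
            and fields["http.request.uri.path"] == "/v1/user/login")

def any_arg_equals(fields, name, wanted):
    # any(http.request.uri.args[name][*] == wanted)
    return any(v == wanted for v in fields["http.request.uri.args"].get(name, []))

def first_arg_equals(fields, name, wanted):
    # Only the first value of the named argument is compared, if one exists
    values = fields["http.request.uri.args"].get(name, [])
    return bool(values) and values[0] == wanted

if __name__ == "__main__":
    # Constructed sample request
    sample = "https://api.example.com/v1/user/login?include=thumbs&include=full_images"
    fields = ruleset_fields(sample)
    for key, value in fields.items():
        print(f"{key:24} {value}")
    print("path rule matches:  ", login_rule_matches(fields))
    print("URI eq path matches:", fields["http.request.uri"] == "/v1/user/login")
    print("any include == full_images:  ", any_arg_equals(fields, "include", "full_images"))
    print("first include == full_images:", first_arg_equals(fields, "include", "full_images"))
```

The path-based rule still matches when a query string is appended, while an equality check on URI or URI Full stops matching as soon as the query string changes.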