What are the definitions for each firewall/API rule operator?
When you're adding a new firewall or API protection rule, chances are you'll have to decide which operator to use for your rule.
The operator defines the rule on how the ‘ specified value’ and the ‘field’ (e.g. ‘URI in request w/o query string’, or ‘Parameter in REQUEST, etc.) will relate to each other in order to produce a valid response (Pass, Block, API protection, etc.).
Here are the definitions for all operators:
|regex (regular expression)||True if field matches the specified regex pattern (value)|
|streq (string equal)||True if field exactly matches the specified value|
|contains||True if field contains all the specified value/s|
|within||True if field is within the specified URL (value)|
|prefix||True if field starts with the specified value|
|suffix||True if field ends with the specified value|
|include||True if field contains at least one of the specified values|
Here are some examples:
Given the target field:
URI w/o query = test.com/api/test/1
if URI w/o query is exactly the same with test.com/api/test/1 = then match streq case
if URI w/o query contains api = then match contains case
if URI w/o query is within url test.com/api/test/1/what/ever/ = then match within case
if URI w/o query starts with test.com = then match prefix case
if URI w/o query ends with /test/1 = then match suffix case
if URI w/o query contains EITHER /api/ OR /test/ = then match include case
if URI w/o query match regex pattern [\w\/\.]+ = then match include case
Regex is a popular string search method, it is used to find all strings that match your pattern. Popular programming languages, such as python support regex.
For the example above:
-  means matches a single character that is contained within the brackets
- \w means Alphanumeric characters plus "_", e.g. [A-Za-z0-9_]
- \/ means slash. Backslash \ is placed before slash / because / is a reserved character in regex, so we need to use \/ to represent /
- \. means dot. Dot . is also a reserved character, hence need to put \ before it
- [\w\/.] means find characters that match A-Z, a-z, 0-9, _, /, .
- + means indicates one or more occurrences of the preceding element
Therefore, [\w\/.]+ means find strings match one or more occurrences of ( A-Z, a-z, 0-9, _, /, . )