A JSON file used to define rate policy properties and property values looks similar to this.
{
"additionalMatchOptions": [{
"positiveMatch": true,
"type": "ResponseStatusCondition",
"values": ["400", "401", "402", "403", "404", "405", "406", "407", "408", "409", "410", "500", "501", "502", "503", "504"]
}],
"averageThreshold": 5,
"burstThreshold": 8,
"clientIdentifier": "ip",
"description": "An excessive error rate from the origin could indicate malicious activity by a bot scanning the site or a publishing error. In both cases, this would increase the origin traffic and could potentially destabilize it.",
"matchType": "path",
"name": "HTTP Response Codes",
"pathMatchType": "Custom",
"pathUriPositiveMatch": true,
"requestType": "ForwardResponse",
"sameActionOnIpv6": true,
"type": "WAF",
"useXForwardForHeaders": false
}
Required properties
Property
Description
averageThreshold
Maximum number of allowed hits per second during any two-minute interval.
burstThreshold
Maximum number of allowed hits per second during any five-second interval.
clientIdentifier
Identifier used to identify and track request senders; this value is required only when using Web Application Firewall. Allowed values are:
api-key. Supported only for API match criteria.
ip-useragent. Typically preferred over ip when identifying a client.
ip. Identifies clients by IP address.
cookie:value. Helps track requests over an individual session, even if the IP address changes.
matchType
Indicates the type of path matched by the policy allowed values are:
path. Matches website paths.
api. Matches API paths.
name
Unique name assigned to a rate policy.
pathMatchType
Type of path to match in incoming requests. Allowed values are:
AllRequests. Matches an empty path or any path that ends in a trailing slash
TopLevel. Matches top-level hostnames only.
Custom. Matches a specific path or path component. This property is only required when the matchType is set to path.
requestType
Type of request to count towards the rate policy's thresholds. Allowed values are:
ClientRequest. Counts client requests to edge servers.
ClientResponse. Counts edge responses to the client.
ForwardResponse. Counts origin responses to the client.
ForwardRequest. Counts edge requests to your origin.
sameActionOnIpv6
Indicates whether the same rate policy action applies to both IPv6 traffic and IPv4 traffic.
type
Rate policy type. Allowed values are:
WAF. Web Application Firewall.
BOTMAN. Bot Manager.
Optional properties
Property
Description
description
Descriptive text about the policy.
hostnames
Array of hostnames that trigger a policy match. If a hostname is not in the array then that request is ignored by the policy.
pathUriPositiveMatch
Indicates whether the policy is triggered if a match is found.
useXForwardForHeaders
Indicates whether the policy checks the contents of the `X-Forwarded-For`` header in incoming requests.
additionalMatchOptions
Specifies additional matching conditions for the rate policy.
Property
Required
Description
properties
✔️
Match condition type. Allowed values are:
IpAddressCondition
NetworkListCondition
RequestHeaderCondition
RequestMethodCondition
ResponseStatusCondition
UserAgentCondition
AsNumberCondition
positiveMatch
✔️
Indicates the match condition for a policy's trigger.
values
✔️
List of values to match.
apiSelectors
Specifies the API endpoints to match on. Note that this object can only be used if the matchType is set to api.
Property
Required
Description
apiDefinitionId
✔️
Unique identifier of the API endpoint.
resourceIds
Unique identifiers of one or more API endpoint resources.
undefinedResources
If true, matches any resource not explicitly added to your API definition without having to include the resource ID. If false, matches only those undefined resources listed in the resourceIds property.
definedResources
If true, this matches any resource explicitly added to your API definition without having to include the resource ID. If false, matches only those defined resources listed in the resourceIds property.
bodyParameters
Specifies the request body parameters on which to match.
Property
Required
Description
name
✔️
Body parameter name to match.
values
✔️
Body parameter values to match.
positiveMatch
Indicates the match condition for a policy's trigger.
valueInRange
When true, this matches values inside the values range. Note that your values must be specified as a range to use this property. When false this matches values that fall outside the specified range.
fileExtensions
Specifies the file extensions on which to match.
Property
Required
Description
positiveMatch
✔️
Indicates the match condition for a policy's trigger.
values
✔️
List of file extensions to match.
path
Property
Required
Description
positiveMatch
✔️
Indicates the match condition for a policy's trigger.
values
✔️
List of paths to match.
queryParameters
Property
Required
Description
name
✔️
Query parameter name to match.
values
✔️
List of query parameter values to match.
positiveMatch
✔️
Indicates the match condition for a policy's trigger.
valueInRange
When true, this matches values inside the values range. Your values must be specified as a range to use this property. When false, this matches values that fall outside the specified range.