Rate policy

Available rate policy property options.

Base structure

A JSON file used to define rate policy properties and property values looks similar to this.

{
  "additionalMatchOptions": [{
    "positiveMatch": true,
    "type": "ResponseStatusCondition",
    "values": ["400", "401", "402", "403", "404", "405", "406", "407", "408", "409", "410", "500", "501", "502", "503", "504"]
  }],
  "averageThreshold": 5,
  "burstThreshold": 8,
  "clientIdentifier": "ip",
  "description": "An excessive error rate from the origin could indicate malicious activity by a bot scanning the site or a publishing error. In both cases, this would increase the origin traffic and could potentially destabilize it.",
  "matchType": "path",
  "name": "HTTP Response Codes",
  "pathMatchType": "Custom",
  "pathUriPositiveMatch": true,
  "requestType": "ForwardResponse",
  "sameActionOnIpv6": true,
  "type": "WAF",
  "useXForwardForHeaders": false
}

Required properties

PropertyDescription
averageThresholdMaximum number of allowed hits per second during any two-minute interval.
burstThresholdMaximum number of allowed hits per second during any five-second interval.
clientIdentifierIdentifier used to identify and track request senders; this value is required only when using Web Application Firewall. Allowed values are:
  • api-key. Supported only for API match criteria.
  • ip-useragent. Typically preferred over ip when identifying a client.
  • ip. Identifies clients by IP address.
  • cookie:value. Helps track requests over an individual session, even if the IP address changes.
matchTypeIndicates the type of path matched by the policy allowed values are:
  • path. Matches website paths.
  • api. Matches API paths.
nameUnique name assigned to a rate policy.
pathMatchTypeType of path to match in incoming requests. Allowed values are:
  • AllRequests. Matches an empty path or any path that ends in a trailing slash
  • TopLevel. Matches top-level hostnames only.
  • Custom. Matches a specific path or path component. This property is only required when the matchType is set to path.
    requestTypeType of request to count towards the rate policy's thresholds. Allowed values are:
    • ClientRequest. Counts client requests to edge servers.
    • ClientResponse. Counts edge responses to the client.
    • ForwardResponse. Counts origin responses to the client.
    • ForwardRequest. Counts edge requests to your origin.
    sameActionOnIpv6Indicates whether the same rate policy action applies to both IPv6 traffic and IPv4 traffic.
    typeRate policy type. Allowed values are:
    • WAF. Web Application Firewall.
    • BOTMAN. Bot Manager.

    Optional properties

    PropertyDescription
    descriptionDescriptive text about the policy.
    hostnamesArray of hostnames that trigger a policy match. If a hostname is not in the array then that request is ignored by the policy.
    pathUriPositiveMatchIndicates whether the policy is triggered if a match is found.
    useXForwardForHeadersIndicates whether the policy checks the contents of the `X-Forwarded-For`` header in incoming requests.

    additionalMatchOptions

    Specifies additional matching conditions for the rate policy.

    PropertyRequiredDescription
    properties‚úĒÔłŹMatch condition type. Allowed values are:
    • IpAddressCondition
    • NetworkListCondition
    • RequestHeaderCondition
    • RequestMethodCondition
    • ResponseStatusCondition
    • UserAgentCondition
    • AsNumberCondition
    positiveMatch‚úĒÔłŹIndicates the match condition for a policy's trigger.
    values‚úĒÔłŹList of values to match.

    apiSelectors

    Specifies the API endpoints to match on. Note that this object can only be used if the matchType is set to api.

    PropertyRequiredDescription
    apiDefinitionId‚úĒÔłŹUnique identifier of the API endpoint.
    resourceIdsUnique identifiers of one or more API endpoint resources.
    undefinedResourcesIf true, matches any resource not explicitly added to your API definition without having to include the resource ID. If false, matches only those undefined resources listed in the resourceIds property.
    definedResourcesIf true, this matches any resource explicitly added to your API definition without having to include the resource ID. If false, matches only those defined resources listed in the resourceIds property.

    bodyParameters

    Specifies the request body parameters on which to match.

    PropertyRequiredDescription
    name‚úĒÔłŹBody parameter name to match.
    values‚úĒÔłŹBody parameter values to match.
    positiveMatchIndicates the match condition for a policy's trigger.
    valueInRangeWhen true, this matches values inside the values range. Note that your values must be specified as a range to use this property. When false this matches values that fall outside the specified range.

    fileExtensions

    Specifies the file extensions on which to match.

    PropertyRequiredDescription
    positiveMatch‚úĒÔłŹIndicates the match condition for a policy's trigger.
    values‚úĒÔłŹList of file extensions to match.

    path

    PropertyRequiredDescription
    positiveMatch‚úĒÔłŹIndicates the match condition for a policy's trigger.
    values‚úĒÔłŹList of paths to match.

    queryParameters

    PropertyRequiredDescription
    name‚úĒÔłŹQuery parameter name to match.
    values‚úĒÔłŹList of query parameter values to match.
    positiveMatch‚úĒÔłŹIndicates the match condition for a policy's trigger.
    valueInRangeWhen true, this matches values inside the values range. Your values must be specified as a range to use this property. When false, this matches values that fall outside the specified range.