- Property Manager name: SaaS Definitions
- Behavior version: The
v2023-01-05
rule format supports thesaas_definitions
behavior v3.1. - Rule format status: GA, stable
- Access: Read/Write
- Allowed in includes: No (temporarily)
Configures how the Software as a Service feature identifies customers, applications, and users. A different set of options is available for each type of targeted request, each enabled with the action
-suffixed option. In each case, you can use PATH
, COOKIE
, QUERY_STRING
, or HOSTNAME
components as identifiers, or disable
the SaaS behavior for certain targets. If you rely on a HOSTNAME
, you also have the option of specifying a CNAME chain rather than an individual hostname. The various options suffixed regex
and replace
subsequently remove the identifier from the request. This behavior requires a sibling origin
behavior whose originType
option is set to SAAS_DYNAMIC_ORIGIN
.
Option | Type | Description | Requires | |
---|---|---|---|---|
customer_action | enum | Specifies the request component that identifies a SaaS customer. | {"displayType":"enum","options":["DISABLED","HOSTNAME","PATH","QUERY_STRING","COOKIE"],"tag":"select"} | |
DISABLED | This effectively ignores customers. | |||
HOSTNAME | In a hostname. | |||
PATH | In the URL path. | |||
QUERY_STRING | In a query parameter. | |||
COOKIE | In a cookie. | |||
customer_cname_enabled | boolean | Enabling this allows you to identify customers using a CNAME chain rather than a single hostname. | customer_action is HOSTNAME | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"customerAction","op":"eq","value":"HOSTNAME"}} |
customer_cname_level | number | Specifies the number of CNAMEs to use in the chain. | customer_cname_enabled is true | {"displayType":"number","tag":"input","type":"number"} {"if":{"attribute":"customerCnameEnabled","op":"eq","value":true}} |
customer_cookie | string | This specifies the name of the cookie that identifies the customer. | customer_action is COOKIE | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"customerAction","op":"eq","value":"COOKIE"}} |
customer_query_string | string | This names the query parameter that identifies the customer. | customer_action is QUERY_STRING | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"customerAction","op":"eq","value":"QUERY_STRING"}} |
customer_regex | string | Specifies a Perl-compatible regular expression with which to substitute the request's customer ID. | customer_action is either: HOSTNAME , PATH , COOKIE , QUERY_STRING | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"customerAction","op":"in","value":["HOSTNAME","PATH","COOKIE","QUERY_STRING"]}} |
customer_replace | string | Specifies a string to replace the request's customer ID matched by | customer_action is either: HOSTNAME , PATH , COOKIE , QUERY_STRING | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"customerAction","op":"in","value":["HOSTNAME","PATH","COOKIE","QUERY_STRING"]}} |
application_action | enum | Specifies the request component that identifies a SaaS application. | {"displayType":"enum","options":["DISABLED","HOSTNAME","PATH","QUERY_STRING","COOKIE"],"tag":"select"} | |
DISABLED | This effectively ignores applications. | |||
HOSTNAME | In the hostname. | |||
PATH | In the URL path. | |||
QUERY_STRING | In a query parameter. | |||
COOKIE | In a cookie. | |||
application_cname_enabled | boolean | Enabling this allows you to identify applications using a CNAME chain rather than a single hostname. | application_action is HOSTNAME | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"applicationAction","op":"eq","value":"HOSTNAME"}} |
application_cname_level | number | Specifies the number of CNAMEs to use in the chain. | application_cname_enabled is true | {"displayType":"number","tag":"input","type":"number"} {"if":{"attribute":"applicationCnameEnabled","op":"eq","value":true}} |
application_cookie | string | This specifies the name of the cookie that identifies the application. | application_action is COOKIE | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"applicationAction","op":"eq","value":"COOKIE"}} |
application_query_string | string | This names the query parameter that identifies the application. | application_action is QUERY_STRING | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"applicationAction","op":"eq","value":"QUERY_STRING"}} |
application_regex | string | Specifies a Perl-compatible regular expression with which to substitute the request's application ID. | application_action is either: HOSTNAME , PATH , COOKIE , QUERY_STRING | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"applicationAction","op":"in","value":["HOSTNAME","PATH","COOKIE","QUERY_STRING"]}} |
application_replace | string | Specifies a string to replace the request's application ID matched by | application_action is either: HOSTNAME , PATH , COOKIE , QUERY_STRING | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"applicationAction","op":"in","value":["HOSTNAME","PATH","COOKIE","QUERY_STRING"]}} |
users_action | enum | Specifies the request component that identifies a SaaS user. | {"displayType":"enum","options":["DISABLED","HOSTNAME","PATH","QUERY_STRING","COOKIE"],"tag":"select"} | |
DISABLED | This effectively ignores users. | |||
HOSTNAME | In a hostname. | |||
PATH | In the URL path. | |||
QUERY_STRING | In a query parameter. | |||
COOKIE | In a cookie. | |||
users_cname_enabled | boolean | Enabling this allows you to identify users using a CNAME chain rather than a single hostname. | users_action is HOSTNAME | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"usersAction","op":"eq","value":"HOSTNAME"}} |
users_cname_level | number | Specifies the number of CNAMEs to use in the chain. | users_cname_enabled is true | {"displayType":"number","tag":"input","type":"number"} {"if":{"attribute":"usersCnameEnabled","op":"eq","value":true}} |
users_cookie | string | This specifies the name of the cookie that identifies the user. | users_action is COOKIE | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"usersAction","op":"eq","value":"COOKIE"}} |
users_query_string | string | This names the query parameter that identifies the user. | users_action is QUERY_STRING | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"usersAction","op":"eq","value":"QUERY_STRING"}} |
users_regex | string | Specifies a Perl-compatible regular expression with which to substitute the request's user ID. | users_action is either: HOSTNAME , PATH , COOKIE , QUERY_STRING | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"usersAction","op":"in","value":["HOSTNAME","PATH","COOKIE","QUERY_STRING"]}} |
users_replace | string | Specifies a string to replace the request's user ID matched by | users_action is either: HOSTNAME , PATH , COOKIE , QUERY_STRING | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"usersAction","op":"in","value":["HOSTNAME","PATH","COOKIE","QUERY_STRING"]}} |