Conditions on Webscale Product Documentation

Cookie is set

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the Cookie request header to verify the existence of a specific cookie name. It returns true if the named cookie is present in the incoming request.

Configuration

Case sensitive: Whether to enable case sensitivity during the name comparison. When disabled, the condition performs a case-insensitive match against all cookies sent in the request.
Name: The exact name the condition must match to return true. This field is required and supports a maximum of 50 characters.

Measurement

The condition parses the Cookie header from the incoming request and evaluates the presence of the specified key.

Cookie is not set

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the Cookie request header to verify the absence of a specific cookie name. It returns true if the named cookie is missing from the incoming request.

Configuration

Case sensitive: Whether to enable case sensitivity during the name comparison. When disabled, the condition performs a case-insensitive match against all cookies sent in the request.
Name: The exact name the condition must not match to return true. This field is required and supports a maximum of 50 characters.

Measurement

The condition parses the Cookie header from the incoming request and evaluates the presence of the specified key.

Cookie value matches

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the Cookie request header to determine if the value of a specific cookie matches a regular expression . It returns true if the named cookie contains a value that matches the defined pattern.

Configuration

Case sensitive: Whether to enable case sensitivity during the name and value comparison. When disabled, the condition performs a case-insensitive match for the cookie name and evaluates the pattern against all cookies that match that name.
Cookie name: The exact name of the cookie to inspect. This field is required and supports a maximum of 50 characters.
Cookie value pattern: The RE2 regular expression used to evaluate the cookie’s value. The condition returns true if the pattern matches the value of the specified cookie. This field is required and supports a maximum of 255 characters.

Measurement

The condition extracts the specified cookie name from the Cookie request header and evaluates its value against the configured pattern.

Cookie value does not match

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the Cookie request header to determine if the value of a specific cookie does not match a regular expression . It returns true if the named cookie contains no values that match the defined pattern.

Configuration

Case sensitive: Whether to enable case sensitivity during the name and value comparison. When disabled, the condition performs a case-insensitive match for the cookie name and evaluates the pattern against all cookies that match that name.
Cookie name: The exact name of the cookie to inspect. This field is required and supports a maximum of 50 characters.
Cookie value pattern: The RE2 regular expression used to evaluate the cookie’s value. The condition returns true if the pattern does not match the value of the specified cookie. This field is required and supports a maximum of 255 characters.

Measurement

The condition extracts the specified cookie name from the Cookie request header and evaluates its value against the configured pattern.

Country of origin is

Mon, 01 Jan 0001 00:00:00 +0000

This condition determines if a request originated from a specific country by performing a geolocation lookup on the requester’s IP address.

Configuration

Selected countries: A list of one or more countries to match against. The condition returns true if the request originates from any country in this list. At least one country must be selected.

Measurement

The condition resolves the IP address from the incoming request and matches it against a geolocation database (MaxMind GeoLite2). It retrieves the ISO country code associated with that IP and returns true if the code exists within the Selected countries list. If the IP address cannot be mapped to a country, the condition returns false.

Country of origin is not

Mon, 01 Jan 0001 00:00:00 +0000

This condition determines if a request originated from a country that is not present in a specified list.

Configuration

Selected countries: A list of one or more countries to exclude from matching. The condition returns true if the request originates from any country that is not in this list. At least one country must be selected.

Measurement

The condition resolves the IP address from the incoming request and performs a lookup against a geolocation database (MaxMind GeoLite2). It retrieves the ISO country code for the IP and returns true only if that code is absent from the Selected countries list. If the IP address cannot be mapped to a country, the condition returns true.

IP address in set

Mon, 01 Jan 0001 00:00:00 +0000

This condition identifies if the requester’s IP address is in a pre-defined address set.

Configuration

Select address set: The named collection of IP addresses or CIDR ranges to match against. The condition returns true only if the requester’s IP is found within this set. This field is required.

Measurement

The condition resolves the IP address from the incoming request and evaluates it against the specified address set. The process validates the request IP against both individual addresses and CIDR notations. If the IP falls within the defined range, the condition returns true.

IP address not in set

Mon, 01 Jan 0001 00:00:00 +0000

This condition identifies if the requester’s IP address is not in a pre-defined address set.

Configuration

Select address set: The named collection of IP addresses or CIDR ranges to check against. The condition returns true only if the requester’s IP is not found within this set. This field is required.

Measurement

The condition resolves the IP address from the incoming request and evaluates it against the specified address set. The process validates the request IP against both individual addresses and CIDR notations. If the IP falls outside the defined range, the condition returns true.

IP address is allowlisted

Mon, 01 Jan 0001 00:00:00 +0000

This condition checks if the requester’s IP address is included in the Allowlist within an account’s address set. It compares the address from the request to the list of addresses managed in that section of the dashboard and returns true if a match is found.

Configuration

No further configurations are necessary for this condition. The logic is applied automatically to all addresses currently present in the Allowlist.

IP address is not allowlisted

Mon, 01 Jan 0001 00:00:00 +0000

This condition checks if the requester’s IP address is missing from the Allowlist within an account’s address set. It compares the address from the request to the list of addresses managed in that section of the dashboard and returns true if no match is found.

Configuration

No further configurations are necessary for this condition. The logic is applied automatically to all addresses currently present in the Allowlist.

IP address is a threat

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the client IP address of an incoming request to determine if it is a known malicious source. It returns true if the address matches an entry in the threat database.

Configuration

Bot IP shield: This condition requires the Bot IP Shield add-on to be active for the application.
Setup: No further configurations are necessary for this condition. The underlying threat data is automatically updated via Webroot’s BrightCloud® IP Reputation Service every five minutes to reflect the latest global attack sources.

Measurement

The condition resolves the IP address from the incoming request and evaluates it against the threat reputation database.

IP address is not a threat

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the client IP address of an incoming request to verify it is not a known malicious source. It returns true if the address is absent from the threat database.

Configuration

Bot IP shield: This condition requires the Bot IP Shield add-on to be active for the application.
Setup: No further configurations are necessary for this condition. The underlying threat data is automatically updated via Webroot’s BrightCloud® IP Reputation Service every five minutes to reflect the latest global attack sources.

Measurement

The condition resolves the IP address from the incoming request and evaluates it against the threat reputation database.

Random

Mon, 01 Jan 0001 00:00:00 +0000

This condition triggers actions randomly based on a specified percentage of traffic.

Configuration

Percentage of traffic: A numerical value between 0 and 100 that defines the likelihood of the condition matching. A value of 0 will never return true, while a value of 100 will always return true. This field is required.

Measurement

For every incoming request, the condition evaluates a uniform random float between 0.0 and 1.0. The configured Percentage of traffic is converted to a probability (e.g. 20% becomes 0.2). The condition returns true if the generated random value is less than this probability.

Rate limit

Mon, 01 Jan 0001 00:00:00 +0000

This condition tracks the volume of requests from a specific requester and returns true if that volume exceeds a defined threshold within a set time period. Rate counters are measured centrally across all proxies serving an application, and each evaluated client ID is allocated its own counter as long as requests are received for it within the interval.

Counting only occurs if the other conditions within the web control are met. The counter set for a rate limit condition is unique to the specific web control that contains it; an identical condition in another web control maintains its own independent counter set.

Referrer is

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the Referer request header to determine if it matches a specified list of wildcard patterns. It returns true if the header value matches any of the defined patterns.

Configuration

Case sensitive: Whether to enable case sensitivity during the comparison. When disabled, the condition performs a case-insensitive match against the Referer header sent in the request.
Referrer pattern: The input field used to add new wildcard patterns. Multiple entries can be added simultaneously by separating them with a comma, a pipe (|), or a new line.
Defined patterns: The list of all active patterns for this condition. The condition returns true if the requester’s referrer matches any entry in this list.

Pattern matching

The system supports flexible wildcard entries to simplify configuration. To ensure comprehensive matching, the system automatically translates wildcard entries into optimized regular expressions during processing:

Referrer is not

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the Referer request header to determine if it does not match a specified list of wildcard patterns. It returns true if the header value matches none of the defined patterns.

Configuration

Case sensitive: Whether to enable case sensitivity during the comparison. When disabled, the condition performs a case-insensitive match against the Referer header sent in the request.
Referrer pattern: The input field used to add new wildcard patterns for exclusion. Multiple entries can be added simultaneously by separating them with a comma, a pipe (|), or a new line.
Defined patterns: The list of all active patterns for this condition. The condition returns true only if the requester’s referrer matches none of the entries in this list.

Pattern matching

Referrer is defined

Mon, 01 Jan 0001 00:00:00 +0000

This condition checks if the Referer header sent in the request matches any of the aliases associated with the application. It returns true if the requester’s referrer hostname is recognized as an application alias.

Configuration

No further configurations are necessary for this condition. The logic is applied automatically by comparing the request header against the application’s current list of aliases.

Measurement

The condition extracts the hostname from the Referer header of the incoming request. It then performs a lookup against the list of aliases configured for the application and returns true if a match is found. This is commonly used to identify traffic originating from within the same application.

Referrer is not defined

Mon, 01 Jan 0001 00:00:00 +0000

This condition checks if the Referer header sent in the request does not match any of the aliases associated with the application. It returns true if the requester’s referrer hostname is not recognized as an application alias.

Configuration

No further configurations are necessary for this condition. The logic is applied automatically by comparing the request header against the application’s current list of aliases.

Measurement

The condition extracts the hostname from the Referer header of the incoming request. It then performs a lookup against the list of aliases configured for the application and returns true if no match is found. This is commonly used to identify traffic originating from outside the application.

Request header value matches

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the value of a specified header sent in the request to determine if it matches a regular expression . It returns true if the named header contains a value that matches the defined pattern.

Configuration

Case sensitive: Whether to enable case sensitivity during the name and value comparison. When disabled, the condition performs a case-insensitive match for the header name and evaluates the pattern against all headers sent in the request that match that name.
Name: The exact name of the request header to inspect. This field is required and supports a maximum of 50 characters.
Pattern: The RE2 regular expression used to evaluate the header’s value. The condition returns true if the pattern matches the value of the specified header. This field is required and supports a maximum of 255 characters.

Measurement

The condition extracts all values for the specified header name from the incoming request and evaluates them against the configured pattern.

Request header value does not match

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the value of a specified header sent in the request to determine if it does not match a regular expression . It returns true if the named header contains no values that match the defined pattern.

Configuration

Case sensitive: Whether to enable case sensitivity during the name and value comparison. When disabled, the condition performs a case-insensitive match for the header name and evaluates the pattern against all headers sent in the request that match that name.
Name: The exact name of the request header to inspect. This field is required and supports a maximum of 50 characters.
Pattern: The RE2 regular expression used to evaluate the header’s value. The condition returns true if the pattern does not match the value of the specified header. This field is required and supports a maximum of 255 characters.

Measurement

The condition extracts all values for the specified header name from the incoming request and evaluates them against the configured pattern.

Request headers match

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the incoming request to verify the presence of a specific set of header names and their corresponding values. It returns true if any defined header name is present and contains a value that matches its respective regular expression .

Configuration

Case sensitive: Whether to enable case sensitivity during the comparison. When disabled, the condition performs a case-insensitive match for both the header names and the values against the defined patterns.
Name: The exact name of the request header to inspect. Multiple headers can be added to the list.
Pattern: The RE2 regular expression used to evaluate the specific header’s value.
Defined patterns: The list of all active name-pattern pairs for this condition. The condition returns true only if the request matches every entry in this list.

Measurement

The condition resolves the specified headers from the incoming request and evaluates them against the Defined patterns as a collective set.

Request headers do not match

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the incoming request to verify if a specific set of header names and their corresponding values is absent. It returns true if any specified header name is missing or if any header value does not match its respective regular expression .

Configuration

Case sensitive: Whether to enable case sensitivity during the comparison. When disabled, the condition performs a case-insensitive match for both the header names and the values against the defined patterns.
Name: The exact name of the request header to inspect. Multiple headers can be added to the list.
Pattern: The RE2 regular expression used to evaluate the specific header’s value.
Defined patterns: The list of all active name-pattern pairs for this condition. The condition returns true if the request fails to match the entire set defined in this list.

Measurement

The condition resolves the specified headers from the incoming request and evaluates them against the Defined patterns as a collective set.

Request method is

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the HTTP method of the incoming request and returns true if it matches any of the methods in the selected list.

Configuration

Available request methods: A list of standard HTTP methods available for selection, including CONNECT, DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT, and TRACE.
Selected methods: The specific methods that trigger the condition. The condition returns true if the request uses any method present in this list.

Measurement

The condition extracts the method name from the incoming request and performs a lookup against the Selected methods list. It returns true as soon as a match is found. If the request method is not in the list, or if the request context is unavailable during evaluation, the condition returns false.

Request method is not

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the HTTP method of the incoming request and returns true if it does not match any of the methods in the selected list.

Configuration

Available request methods: A list of standard HTTP methods available for selection, including CONNECT, DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT, and TRACE.
Selected methods: The list of methods that the request must not use for the condition to return true. If a request uses a method present in this list, the condition returns false.

Measurement

The condition extracts the method name from the incoming request and compares it against the Selected methods list. It returns true only if the request method is absent from that list. If the request method is found in the list, or if the request context is unavailable, the condition returns false.

Response headers match

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the outgoing response to verify the presence of a specific set of header names and their corresponding values. It returns true if any defined header name is present and contains a value that matches its respective regular expression .

Note:

This web control condition is only available on Response web controls.

Configuration

Case sensitive: Whether to enable case sensitivity during the comparison. When disabled, the condition performs a case-insensitive match for both the header names and the values against the defined patterns.
Name: The exact name of the response header to inspect. Multiple headers can be added to the list.
Pattern: The RE2 regular expression used to evaluate the specific header’s value.
Defined patterns: The list of all active name-pattern pairs for this condition. The condition returns true only if the response matches every entry in this list.

Measurement

The condition resolves the specified headers from the outgoing response and evaluates them against the Defined patterns as a collective set.

Response headers do not match

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the outgoing response to verify if a specific set of header names and their corresponding values is absent. It returns true if any specified header name is missing or if any header value does not match its respective regular expression .

Note:

This web control condition is only available on Response web controls.

Configuration

Case sensitive: Whether to enable case sensitivity during the comparison. When disabled, the condition performs a case-insensitive match for both the header names and the values against the defined patterns.
Name: The exact name of the response header to inspect. Multiple headers can be added to the list.
Pattern: The RE2 regular expression used to evaluate the specific header’s value.
Defined patterns: The list of all active name-pattern pairs for this condition. The condition returns true if the response fails to match the entire set defined in this list.

Measurement

The condition resolves the specified headers from the outgoing response and evaluates them against the Defined patterns as a collective set.

Status code matches

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the HTTP status code returned in the response to determine if it matches a specified value or category. It returns true if the status code matches the codes or shorthand classes defined in the configuration.

Note:

This web control condition is only available on Response web controls.

Configuration

Enter status code(s): The values used to evaluate the response status code. This field supports specific codes, shorthand classes, and comma-separated lists.
- Specific codes: Enter the exact three-digit number (e.g., 200).
- Code classes: Use shorthand notation to match an entire range of codes (e.g., 2xx matches any 200-level success code).
- Multiple entries: Separate multiple values with a comma (e.g., 200,404,5xx).

Measurement

The condition extracts the numerical HTTP status code from the response and converts it into a string representation (e.g., 200 becomes "200"). It then evaluates this string against a regular expression pattern generated from your input. The condition returns true only if the status code string matches the pattern.

User agent matches

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the User-Agent header of the incoming request to determine if it matches a regular expression . It returns true if the header value satisfies any of the defined patterns.

Configuration

Case sensitive: Whether to enable case sensitivity during the comparison. When disabled, the condition performs a case-insensitive match against the User-Agent string.
Enter your pattern(s): The RE2 regular expression used to evaluate the User-Agent string. Entries should be separated by a new line.
Defined patterns: The list of all active patterns for this condition. The condition returns true if the User-Agent header matches any pattern in this list.

Measurement

The condition extracts the User-Agent header from the incoming request and evaluates it against the Defined patterns.

User agent does not match

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the User-Agent header of the incoming request to determine if it does not match a regular expression . It returns true if the header value does not satisfy any of the defined patterns.

Configuration

Case sensitive: Whether to enable case sensitivity during the comparison. When disabled, the condition performs a case-insensitive match against the User-Agent string.
Enter your pattern(s): The RE2 regular expression used to evaluate the User-Agent string. Entries should be separated by a new line.
Defined patterns: The list of all active patterns for this condition. The condition returns true only if the User-Agent header fails to match every pattern in this list.

Measurement

The condition extracts the User-Agent header from the incoming request and evaluates it against the Defined patterns.

URL matches

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the incoming request URL to determine if it matches the specified criteria. It supports a segmented wildcard interface for common URL structures or a list of regular expressions for complex matching logic.

Configuration

Case sensitive: Determines if the comparison ignores character casing. When disabled, the system performs a case-insensitive match against all URL components.
Use regular expressions: Whether to enable regular expression matching. When enabled, the input mode switches from segmented wildcard fields to a list of regex patterns.
- Disabled: Provides separate fields for Scheme, Domain, Path, and Query.
- Enabled: Provides a list of regex patterns evaluated against the full, normalized, and unescaped unicode URL string.
Defined patterns: The list of URL objects. The condition returns true if the request matches any single entry in this list.

Wildcard patterns

When Use regular expressions is disabled, you define a URL structure using these components:

URL does not match

Mon, 01 Jan 0001 00:00:00 +0000

This condition inspects the incoming request URL to determine if it does not match the specified criteria. It supports a segmented wildcard interface for common URL structures or a list of regular expressions for complex matching logic.

Configuration

Case sensitive: Determines if the comparison ignores character casing. When disabled, the system performs a case-insensitive match against all URL components.
Use regular expressions: Whether to enable regular expression matching. When enabled, the input mode switches from segmented wildcard fields to a list of regex patterns.
- Disabled: Provides separate fields for Scheme, Domain, Path, and Query.
- Enabled: Provides a list of regex patterns evaluated against the full, normalized, and unescaped unicode URL string.
Defined patterns: The list of URL objects. The condition returns true only if the request fails to match every single entry in this list.

Wildcard patterns

When Use regular expressions is disabled, you define a URL structure using these components: