Override expressions
Set an override expression for the HTTP DDoS Attack Protection managed ruleset to define a specific scope for sensitivity level or action adjustments.
For example, you can set different sensitivity levels for different request URI paths: a medium sensitivity level for URI path A
and a low sensitivity level for URI path B
.
Available expression fields
You can use the following fields in override expressions:
cf.client.bot
cf.threat_score
http.cookie
http.host
http.referer
http.request.uri
http.request.uri.path
http.request.uri.query
http.request.full_uri
http.request.method
http.request.version
http.request.cookies
http.user_agent
http.x_forwarded_for
ip.geoip.asnum
ip.geoip.continent
ip.geoip.country
ip.geoip.is_in_european_union
ip.src
ssl
cf.tls_client_auth.cert_verified
Refer to Fields in the Rules language documentation for more information.