From 02abd31e95117bf0c04ae170ab7259ed1b70a734 Mon Sep 17 00:00:00 2001
From: Nic <123965403+ngayerie@users.noreply.github.com>
Date: Wed, 4 Dec 2024 10:57:41 +0100
Subject: [PATCH 1/3] [Rules] Update operators.mdx
PCX-14884
---
src/content/docs/ruleset-engine/rules-language/operators.mdx | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/content/docs/ruleset-engine/rules-language/operators.mdx b/src/content/docs/ruleset-engine/rules-language/operators.mdx
index e093a8f89f7d756..74d890503c15d63 100644
--- a/src/content/docs/ruleset-engine/rules-language/operators.mdx
+++ b/src/content/docs/ruleset-engine/rules-language/operators.mdx
@@ -189,6 +189,11 @@ lower(http.request.uri.path) contains "/wp-login.php"
Wildcard matching is only supported with the `wildcard` and `strict wildcard` operators, and regular expression matching is only supported with the `matches` operator.
:::
+### Using Lists
+
+When selecting `Hostname` or `AS Num` as *Field*, you use the additionals `is in list` / `is not in list` operators.
+You first need to create a [List](/waf/tools/lists/custom-lists/).
+
### Wildcard matching
The `wildcard` operator performs a case-insensitive match between a field value and a literal string containing zero or more `*` metacharacters. Each `*` metacharacter represents zero or more characters. The `strict wildcard` operator performs a similar match, but is case-sensitive.
From 4d44d660f33e588e76165f75fc461c086f926f50 Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Wed, 4 Dec 2024 12:17:14 +0000
Subject: [PATCH 2/3] PCX review
---
.../rules-language/operators.mdx | 56 ++++++++++++++-----
1 file changed, 42 insertions(+), 14 deletions(-)
diff --git a/src/content/docs/ruleset-engine/rules-language/operators.mdx b/src/content/docs/ruleset-engine/rules-language/operators.mdx
index 74d890503c15d63..5811234966eff83 100644
--- a/src/content/docs/ruleset-engine/rules-language/operators.mdx
+++ b/src/content/docs/ruleset-engine/rules-language/operators.mdx
@@ -118,7 +118,7 @@ The Rules language supports these comparison operators:
- Exactly
contains |
+ Contains |
contains |
|
✅ |
@@ -129,7 +129,29 @@ The Rules language supports these comparison operators:
- Matches
regex* |
+ Wildcard1
(case-insensitive) |
+ wildcard |
+ |
+ ✅ |
+ ❌ |
+ ❌ |
+
+ http.request.uri.path wildcard "/articles/*"
+ |
+
+
+ Strict wildcard1
(case-sensitive) |
+ strict wildcard |
+ |
+ ✅ |
+ ❌ |
+ ❌ |
+
+ http.request.uri.path strict wildcard "/AdminTeam/*"
+ |
+
+
+ Matches
regex2 |
matches |
~ |
✅ |
@@ -140,21 +162,25 @@ The Rules language supports these comparison operators:
- Value is in
a set of values |
+ Is in set of values / list3 |
in |
|
✅ |
✅ |
✅ |
- ip.src in {"{ 203.0.113.0 203.0.113.1 }"}
+ ip.src in {"{ 203.0.113.0 203.0.113.1 }"}
+ ip.src.asnum in $<LIST>
|
-\* _Access to the `matches` operator requires a Cloudflare Business or Enterprise plan._
+{/* prettier-ignore */}
+1 For more information, refer to [Wildcard matching](#wildcard-matching).
+2 Access to the `matches` operator requires a Cloudflare Business or Enterprise plan. For more information, refer to [Regular expression matching](#regular-expression-matching).
+3 For more information, refer to [Inline lists](/ruleset-engine/rules-language/values/#inline-lists) and [Lists](/waf/tools/lists/).
:::caution
Comparison operators entered using English notation (such as `eq`, `lt`, and `gt`) must be written in lowercase.
@@ -162,12 +188,19 @@ Comparison operators entered using English notation (such as `eq`, `lt`, and `gt
### Additional operators in the Cloudflare dashboard
-The Cloudflare dashboard shows the following functions as operators:
+The Cloudflare dashboard may show the following additional operators, depending on the exact field and the type of rule:
- _starts with_ (corresponding to the [`starts_with()`](/ruleset-engine/rules-language/functions/#starts_with) function): Returns `true` when a string starts with a given substring, and `false` otherwise.
+
- _ends with_ (corresponding to the [`ends_with()`](/ruleset-engine/rules-language/functions/#ends_with) function): Returns `true` when a string ends with a given substring, and `false` otherwise.
-However, when writing your own custom expressions, you must use these functions in function calls, not as operators. For example:
+- _is in list_ (corresponding to ` in $`): Returns `true` when the field value is present in the specified [list](/waf/tools/lists/), and `false` otherwise. For more information, refer to [Use lists in expressions](/waf/tools/lists/use-in-expressions/).
+
+- _is not in list_ (corresponding to `not in $`): Returns `true` when the field value is not present in the specified [list](/waf/tools/lists/), and `false` otherwise. For more information, refer to [Use lists in expressions](/waf/tools/lists/use-in-expressions/).
+
+:::note
+
+When writing your own custom expressions, you must use the `starts_with()` and `ends_with()` functions in function calls, not as operators. For example:
```txt
# Valid function call
@@ -177,6 +210,8 @@ ends_with(http.request.uri.path, ".html")
http.request.uri.path ends_with ".html"
```
+:::
+
### Comparing string values
String comparison in rule expressions is case-sensitive. To account for possible variations of string capitalization in an expression, you can use the [`lower()`](/ruleset-engine/rules-language/functions/#lower) function and compare the result with a lowercased string, like in the following example:
@@ -185,14 +220,7 @@ String comparison in rule expressions is case-sensitive. To account for possible
lower(http.request.uri.path) contains "/wp-login.php"
```
-:::caution
Wildcard matching is only supported with the `wildcard` and `strict wildcard` operators, and regular expression matching is only supported with the `matches` operator.
-:::
-
-### Using Lists
-
-When selecting `Hostname` or `AS Num` as *Field*, you use the additionals `is in list` / `is not in list` operators.
-You first need to create a [List](/waf/tools/lists/custom-lists/).
### Wildcard matching
From 0b0c982a912153404cbf0bbf3d6cc418f863811c Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Wed, 4 Dec 2024 15:10:01 +0000
Subject: [PATCH 3/3] Mention potential limitation
---
src/content/docs/ruleset-engine/rules-language/operators.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/content/docs/ruleset-engine/rules-language/operators.mdx b/src/content/docs/ruleset-engine/rules-language/operators.mdx
index 5811234966eff83..a37c10e26f8c469 100644
--- a/src/content/docs/ruleset-engine/rules-language/operators.mdx
+++ b/src/content/docs/ruleset-engine/rules-language/operators.mdx
@@ -180,7 +180,7 @@ The Rules language supports these comparison operators:
{/* prettier-ignore */}
1 For more information, refer to [Wildcard matching](#wildcard-matching).
2 Access to the `matches` operator requires a Cloudflare Business or Enterprise plan. For more information, refer to [Regular expression matching](#regular-expression-matching).
-3 For more information, refer to [Inline lists](/ruleset-engine/rules-language/values/#inline-lists) and [Lists](/waf/tools/lists/).
+3 Currently, not all Cloudflare products support lists in their expressions. For more information on lists, refer to [Inline lists](/ruleset-engine/rules-language/values/#inline-lists) and [Lists](/waf/tools/lists/).
:::caution
Comparison operators entered using English notation (such as `eq`, `lt`, and `gt`) must be written in lowercase.