Decision Rules
Create advanced conditional rules for traffic handling
Decision Rules allow you to define advanced conditional logic to automatically block, allow, or monitor traffic based on request attributes and rate limits. Unlike simple block/allow lists, decision rules support complex conditions with multiple fields and operators.
Creating a Decision Rule
- Navigate to Decision Rules in the sidebar
- Click New Decision Rule
- Configure the rule sections described below
- Click Save
Rule Configuration
Basic Settings
- Name — A descriptive name for the rule
- Enable — Toggle to activate or deactivate the rule
- Project — Select which project this rule applies to
Rule Conditions
Conditions define when the rule should trigger. They use a hierarchical OR-AND logic:
- Multiple condition groups are combined with OR (any group matching triggers the rule)
- Within each group, multiple conditions are combined with AND (all conditions must match)
Each condition specifies:
- Field — The request attribute to evaluate
- Operator — How to compare the value
- Value — The value to match against
Available Fields
| Field | Description |
|---|---|
| IP | Client IP address |
| UUID | User identifier |
| GEO Country | Geographic country code |
| User Agent | Browser/client user agent string |
| HTTP Method | Request method (GET, POST, etc.) |
| Referer | Referring URL |
| URL | Request URL path |
| Query String | URL query parameters (requires parameter name) |
| ASN | Autonomous System Number |
| RDNS | Reverse DNS hostname |
| Service Label | Backend service identifier |
| Service DB Label | Service database label |
| UA Label | Categorized user agent label |
| IDC Code | Internet Data Center code |
| BOT Code | Bot classification code |
Operators
Operators vary by field data type:
Text fields (IP, UUID, User Agent, URL, etc.):
| Operator | Description |
|---|---|
EQUALS | Exact match |
CONTAINS | Value contains the text |
STARTS_WITH | Value begins with the text |
ENDS_WITH | Value ends with the text |
REGEX | Matches a regular expression |
WILDCARD | Matches a wildcard pattern |
NOT_EQUALS | Does not exactly match |
NOT_CONTAINS | Does not contain the text |
NOT_STARTS_WITH | Does not begin with the text |
NOT_ENDS_WITH | Does not end with the text |
NOT_REGEX | Does not match the regex |
NOT_WILDCARD | Does not match the wildcard |
List fields (GEO Country):
| Operator | Description |
|---|---|
EQUALS | Exact match |
NOT_EQUALS | Does not match |
IN | Value is in the list |
NOT_IN | Value is not in the list |
Rate Limiting
Configure how the rule evaluates traffic frequency:
- Check Frequency — How often to evaluate the rule (in seconds)
- Rate Action — Trigger when rate is (greater than or equal) or (less than) the threshold
- Rate — Number of matching requests to trigger the action
- Time Window — The time period to count requests (in minutes)
For example: "Block if >= 100 matching requests in the past 5 minutes, checking every 5 seconds."
Action
Choose what happens when the rule triggers:
| Action | Description |
|---|---|
| Block | Block matching traffic |
| Unblock | Remove block on matching traffic |
| Monitor | Log without taking action |
Managing Decision Rules
Viewing Rules
The Decision Rules list shows all rules with their name and enable/disable status.
Editing a Rule
Click Settings on any rule to modify its configuration.
Enabling/Disabling a Rule
Toggle the Enable switch in the rule settings to activate or deactivate a rule without deleting it.
Deleting a Rule
- Open the rule settings
- Scroll to the Danger Zone
- Type the rule name to confirm
- Click Delete
Example: Rate-Limit by IP
To block IPs making more than 200 requests per minute:
- Create a new Decision Rule
- Set Name to "Rate limit by IP"
- Select your Project
- Add a condition: Field = IP, Operator = REGEX, Value =
.*(matches all IPs) - Set Rate Action to >=
- Set Rate to 200
- Set Time Window to 1 minute
- Set Check Frequency to 5 seconds
- Set Action to Block
- Enable the rule and save