Skip to main content

Rule Gallery

Explore a curated collection of example configurations spanning from common to unconventional use-cases for the Traffic Policy module.

Deny non-GET requests:

This rule denies all inbound traffic that is not a GET request.

inbound:
  - expressions:
      - req.Method != 'GET'
    actions:
      - type: deny

Custom response for unauthorized requests

This rule sends a custom response with status code 401 and body Unauthorized for requests without an Authorization header.

inbound:
  - expressions:
      - "!('Authorization' in req.Headers)"
    actions:
      - type: custom-response
        config:
          status_code: 401
          content: Unauthorized

Rate limiting for specific endpoint:

This rule applies rate limiting of 30 requests per second to the endpoint /api/videos.

inbound:
  - expressions:
      - req.URL.contains('/api/specific_endpoint')
    actions:
      - type: rate-limit
        config:
          name: Only allow 30 requests per minute
          algorithm: sliding_window
          capacity: 30
          rate: 60s
          bucket_key:
            - conn.ClientIP

User agent filtering

We deliver tailored content to Microsoft Edge users by examining the User-Agent header for the case-insensitive string (?i)edg/ succeeded by digits \d. To see how this works in practice, explore the following regex101 demonstration.

To ensure correct decoding from YAML/JSON, it's necessary to properly escape the \d sequence. In YAML, if your string is not enclosed in quotes, use a single escape: \\d. However, when your string is wrapped in quotes, either in YAML or JSON, you need to double-escape: \\\\d for accurate decoding.

inbound:
  - expressions:
      - "'User-Agent' in req.Headers"
      - size(req.Headers['User-Agent'].filter(x, x.matches('(?i).*Edg/\\d+.*')))
        > 0
    actions:
      - type: custom-response
        config:
          status_code: 200
          content: Hello Edge User!