Step 2 — WHEN: Define Match Conditions¶
The Match conditions panel decides which requests this rule applies to. You can combine any of the four conditions below — when multiple are set, all must match (logical AND). Any field left empty matches all values.
PATH¶
The URL path the request is targeting. Supports glob-style wildcards.
| Pattern | Matches |
|---|---|
/* |
All paths |
/admin/* |
Anything under /admin/ |
/api/v1/users |
That exact path only |
/*.php |
Any path ending in .php |
METHODS¶
The HTTP methods this rule applies to. Click + Add to select one or more (e.g., GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD).
Use case: Apply stricter rules to state-changing methods (
POST,PUT,DELETE) while leaving safe methods (GET,HEAD) less restricted.
IPS¶
A list of source IP addresses or CIDR ranges this rule applies to. Click + Add to enter values such as 203.0.113.42 or 198.51.100.0/24.
HEADER¶
Match on a specific HTTP request header. Click + Add and provide the header name and value to match against.
Note: If you leave all four conditions empty, the rule matches every request. This is normally only used for a final catch-all rule at the bottom of the flow.
Previous: ← Step 1 — Open the Flow Editor Next: Step 3 — DO: Configure Rule Behavior →