Rule Configuration Reference

List of configurable options with the Vercel WAF

For each custom rule that you create, you can configure one or more conditions. Each condition compares a parameter of the incoming traffic with a specific value using an operator.

You also specify an action executed when all the conditions are met.

Custom Rule Parameters

| Parameter | Description | Example | Note |
| --- | --- | --- | --- |
| Request Path | The full request path on the incoming request, always starting with a leading `/` | `/api`, `/signup/new` | |
| Target Path | The framework-determined `x-matched-path` | `/blog/[slug]` | When matching on the target path, the custom rule will run after middleware. If the rule blocks a request, middleware charges could be incurred |
| Method | The HTTP method used to make the request | `GET`, `POST` | |
| User Agent | The HTTP user agent used to make the request | `curl` | |
| Request Header | The request header on the original request. Define both the header key and value you want to match | | You cannot match headers set by middleware, as the rule runs before middleware is invoked |
| Query | Any incoming query parameter on the original request. Define both the query key and value you want to match | | |
| Cookie | Any incoming cookie on the original request. Define both the cookie key and value you want to match | | |
| Hostname | The hostname used for the incoming request | | This applies to projects with multiple domains such as platforms that assign a domain to each user of the platform |
| IP Address | The original or forwarded IP address on the incoming request | `10.0.0.1`, `10.0.0.1/32` | |
| Protocol | The HTTP protocol of the original request | `HTTP/1.1`, `HTTP/2.0` | |
| Environment | The Vercel Environment that received this request | Preview or Production | |
| Vercel Region | The Vercel region that received this request | | Regions list |
| Continent | The continent based on the client IP address | | A shorthand for the `x-vercel-ip-continent` header |
| State | The state (Country Region) based on the client IP address | | A shorthand for the `x-vercel-ip-country-region` header |
| Country | The country based on the client IP address | | A shorthand for the `x-vercel-ip-country` header |
| City | The city based on the client IP address | | A shorthand for the `x-vercel-ip-city` header |
| AS Number | The Autonomous System Number based on the client IP address | Digits only, e.g. 12345 | Digits only |
| JA3 Digest | The calculated TLS digest of the incoming request | | |
| JA4 Digest | The calculated TLS digest of the incoming request | | |
| @vercel/firewall | ID for a rate limit instrumented in code via the `@vercel/firewall` package | | |

All operators are case insensitive.

Operators Rule Parameters

| Parameter | Description |
| --- | --- |
| Equals | An exact string match |
| Does not equal | Inverse of Equals |
| Is any of | An exact string match, matching any of the provided values. Acts like a SQL IN query |
| Is not any of | Ensures the source is not a match with any of the provided values. Acts like a SQL NOT IN query |
| Contains | Includes the provided value |
| Does not contain | Inverse of Contains |
| Starts with | A string operator matching the start of the string. Optimized for performance. It's preferred to use this over a regex prefix expression |
| Does not start with | Inverse of Starts with |
| Ends with | A string operator matching the end of the string. Optimized for performance. It's preferred to use this over a regex suffix expression |
| Does not end with | Inverse of Ends with |
| Matches expression | |
| Does not match expression | Inverse of Matches expression |
| Exists | Useful when matching a key value pair like a header, query parameter or cookie. Checks that the key exists regardless of value |
| Does not exist | Useful when matching a key value pair like a header, query parameter or cookie. Ensures that the key does not exist |

| Name | Description | Note |
| --- | --- | --- |
| Log | Tracks the matching of this rule without blocking traffic. Requests matching this rule are visible in the Firewall overview page. | If another rule blocks the traffic before a log rule executes, the request is not considered a match for that log rule. If another rule blocks the traffic after a log rule executes, the request is tagged to the rule that blocked the traffic and does not appear in the log rule |
| Challenge | Conditionally blocks traffic with browser challenge. | If the client fails to solve the challenge, the rule continues to block the traffic. Once the client solves the challenge, the rule is bypassed and remaining rules (if any) are evaluated. The request is allowed if none of the remaining rules block |
| Deny | Blocks the request and no further rules are evaluated. | |
| Bypass | If matched, it bypasses any remaining custom rules | Once the client solves the challenge, this rule is bypassed and remaining rules (if any) are evaluated. The request is allowed if none of the remaining rules block |
| Redirect | If matched, it redirects the client to the target path set in the `to` field | Redirects the request and no further rules are evaluated. The target path in the `to` field can be absolute or relative to the project deployment's root |

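
The operator and action semantics described on this page (case-insensitive operators, all conditions required, and how each action affects the rules after it) can be modelled locally to check a rule set's ordering before it is deployed. The JavaScript below is an added example, not Vercel's code or API: the field names (`param`, `key`, `op`, `negate`, `action`, `to`), the sample rules, and the assumption that rules run in list order are all illustrative.

```javascript
// Local model of the rule semantics on this page (not Vercel's implementation).
// Field names (param, key, op, negate, action, to) are assumptions for this sketch.
const lower = (x) =>
  Array.isArray(x) ? x.map(lower) : typeof x === "string" ? x.toLowerCase() : x;
const ops = {
  "equals": (s, v) => s === v,
  "is any of": (s, v) => v.includes(s),
  "contains": (s, v) => s.includes(v),
  "starts with": (s, v) => s.startsWith(v),
  "ends with": (s, v) => s.endsWith(v),
};
function conditionMet(req, c) {
  // Header, query and cookie conditions name a key; other parameters are plain strings.
  const raw = c.key ? (req[c.param] || {})[c.key] : req[c.param];
  const hit = c.op === "exists"
    ? raw !== undefined
    : raw !== undefined && ops[c.op](lower(raw), lower(c.value)); // case-insensitive
  return c.negate ? !hit : hit; // negate models the "Does not ..." operators
}

function evaluate(req, rules, challengeSolved = false) {
  const logged = [];
  for (const rule of rules) {
    if (!rule.conditions.every((c) => conditionMet(req, c))) continue;
    if (rule.action === "log") { logged.push(rule.name); continue; }
    if (rule.action === "challenge" && challengeSolved) continue; // solved: keep evaluating
    if (rule.action === "bypass") return { outcome: "allow", rule: rule.name, logged };
    if (rule.action === "redirect") return { outcome: "redirect", rule: rule.name, to: rule.to, logged };
    // deny or unsolved challenge: the request is tagged to the blocking rule only
    return { outcome: rule.action, rule: rule.name, logged: [] };
  }
  return { outcome: "allow", rule: null, logged };
}

// Constructed sample rule set, evaluated in list order.
const rules = [
  { name: "log-curl", action: "log",
    conditions: [{ param: "userAgent", op: "contains", value: "CURL" }] },
  { name: "challenge-signup", action: "challenge",
    conditions: [{ param: "path", op: "starts with", value: "/signup" }] },
  { name: "deny-admin-writes", action: "deny", conditions: [
    { param: "path", op: "starts with", value: "/api/admin" },
    { param: "method", op: "is any of", value: ["post", "delete"] }] },
  { name: "deny-api-without-key", action: "deny", conditions: [
    { param: "path", op: "starts with", value: "/api" },
    { param: "header", key: "x-api-key", op: "exists", negate: true }] },
];
console.log(evaluate({ path: "/API/admin/users", method: "POST", userAgent: "curl/8.5.0", header: {} }, rules));
```

Moving `log-curl` below the deny rules changes which requests it records, which is the ordering effect the Log notes describe.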
Last updated on September 18, 2024