Override expressions
Set an override expression for the HTTP DDoS Attack Protection managed ruleset to define a specific scope for sensitivity level or action adjustments.
For example, you can set different sensitivity levels for different request URI paths: a medium sensitivity level for URI path A and a low sensitivity level for URI path B.
You can use the following fields in override expressions:
cf.bot_management.ja3_hashcf.bot_management.ja4cf.client.botcf.threat_scorecf.tls_ciphercf.tls_client_auth.cert_verifiedcf.tls_versioncf.verified_bot_categoryhttp.cookiehttp.hosthttp.refererhttp.request.headershttp.request.headers.nameshttp.request.headers.truncatedhttp.request.headers.valueshttp.request.urihttp.request.uri.pathhttp.request.uri.path.extensionhttp.request.uri.queryhttp.request.full_urihttp.request.methodhttp.request.versionhttp.request.cookieshttp.user_agenthttp.x_forwarded_forip.geoip.asnumip.geoip.continentip.geoip.countryip.geoip.is_in_european_unionip.srcip.src.asnumip.src.continentip.src.countryip.src.is_in_european_unionssl
Refer to the Fields reference in the Rules language documentation for more information.