Creating a Rule in the Rules Engine

Function

The rules engine allows you to configure rules in graphical mode, which is more flexible and fine-grained. By restricting trigger conditions, you can control the resource range for the configuration to take effect, meeting requirements in various scenarios.

Submit a service ticket to enable this function before using the API.

Calling Method

For details, see Calling APIs.

URI

POST /v1.0/cdn/configuration/domains/{domain_name}/rules

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
domain_name	Yes	String	Definition Acceleration domain name. Constraints N/A Range N/A Default Value N/A

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header). Constraints N/A Range N/A Default Value N/A

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
name	Yes	String	Definition Rule name. Constraints N/A Range 1 to 50 characters. Default Value N/A
status	Yes	String	Definition Whether the rule is enabled. Constraints N/A Range on: enabled. off: disabled. Default Value N/A
priority	Yes	Integer	Definition Rule priority. A larger value indicates a higher priority. Constraints The priority must be unique. Range 1 to 100. Default Value N/A
conditions	Yes	Conditions object	Definition Conditions for triggering the rule. Constraints N/A
actions	Yes	Array of Actions objects	Definition Action to be executed when the rule conditions are met. Constraints N/A

**Table 4** Conditions
Parameter	Mandatory	Type	Description
match	Yes	Match object	Definition Rule conditions. Constraints N/A

**Table 5** Match
Parameter	Mandatory	Type	Description
logic	Yes	String	Definition Logical operator. Constraints N/A Range and: AND relationship. or: OR relationship. Default Value N/A
criteria	Yes	Array of Criteria objects	Definition Match condition list. Constraints N/A

**Table 6** Criteria
Parameter	Mandatory	Type	Description
match_target_type	No	String	Definition Match target type. Constraints N/A Range schema: protocol used by a client request. method: request method used by a client request. path: URL requested by a client. arg: query parameters in a request URL. extension: file name extension of content requested by a client. filename: file name of content requested by a client. header: HTTP request headers. clientip: IP address of a client. clientip_version: IP version of a client request. ua: User-Agent of a client request. ngx_variable: Nginx variables. Default Value N/A
match_target_name	No	String	Definition Match target name. Constraints N/A Range When the match target type is set to schema, method, path, extension, filename, or ua, the parameter is left blank. When the match target type is set to arg, the value is the name of a query parameter. It can contain 1 to 100 characters, including letters, digits, hyphens (-), and underscores (_). It must start with a letter. When the match target type is set to header, the value is the name of a request header. It can contain 1 to 100 characters, including letters, digits, hyphens (-), and underscores (_). It must start with a letter. When the match target type is set to clientip, the value is an IP address source. It can be connect (connecting IP) or xff (x-forwarded-for header). When the match target type is set to clientip_version, the value is an IP version source. It can be connect (connecting IP) or xff (x-forwarded-for header). When the match target type is set to ngx_variable, the value is an Nginx variable name. It can be $protocol, $arg_, $http_, $scheme, $uri, $ssl_protocol, $ssl_server_name, $remote_addr, $http2, $request_method, or $sent_http_. Default Value N/A
match_type	No	String	Definition Match algorithm. Constraints N/A Range contains: Any condition specified in match_pattern is matched. Default Value N/A
match_pattern	No	Array of strings	Definition Match content. Constraints N/A Range When the match target type is set to schema, the value can be HTTP or HTTPS. When the match target type is set to method, the value can be GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, TRACE or CONNECT. When the match target type is set to clientip_version, the value can be IPv4 or IPv6. When the match target type is set to path or ua, the value supports wildcard characters (). Default Value* N/A
negate	No	Boolean	Definition Whether to perform negation. This parameter is used together with match_type. For example, if negate is set to true and match_type is set to contains, the actual service logic is converted to not_contains. Constraints N/A Range true: negated. false: not negated. Default Value false
case_sensitive	No	Boolean	Definition Case insensitive or not. Constraints N/A Range true: case sensitive. false: case-insensitive. Default Value false
logic	No	String	Definition Nested condition logic operator. Constraints N/A Range and: AND relationship. or: OR relationship. Default Value N/A
criteria	No	Array of Criteria objects	Definition Nested condition list. Constraints N/A

**Table 7** Actions
Parameter	Mandatory	Type	Description
flexible_origin	No	Array of flexibleOriginsEngine objects	Definition Advanced origin rules. CDN can pull content from different origin servers by resource type or path. Constraints Up to 20 rules.
origin_request_header	No	Array of OriginRequestHeader objects	Definition Rewrite the HTTP headers in request URLs during CDN PoP origin pull. Constraints Original settings of all headers will be overwritten. When using this API, upload information of all headers. If a special request header is configured for the domain name in the backend, pass this header as well.
http_response_header	No	Array of HttpResponseHeader objects	Definition Headers returned by PoPs to clients. CDN includes them in responses to user requests for resources within that domain name. Constraints Original settings of all headers will be overwritten. When using this API, upload information of all headers. If a special request header is configured for the domain name in the backend, pass this header as well.
access_control	No	AccessControl object	Definition Access control. Constraints N/A
request_limit_rules	No	RequestLimitRulesEngine object	Definition Request rate limiting. This limits the user request rate within a specific range to reduce costs and the risk of burst bandwidth. Constraints N/A
origin_request_url_rewrite	No	OriginRequestUrlRewriteEngine object	Definition Origin request URL rewrite. Constraints Up to 20 rules.
cache_rule	No	CacheRulesEngine object	Definition Parameters used to control the cache TTL of origin server resources on CDN PoPs. Constraints N/A
request_url_rewrite	No	RequestUrlRewriteEngine object	Definition Access URL rewrite rules, which are used to redirect user requests to the URLs of cached content. Constraints N/A
browser_cache_rule	No	BrowserCacheRulesEngine object	Definition Browser cache TTL, during which users can obtain content directly from their browser cache (if available). Constraints N/A
error_code_cache	No	ErrorCodeCacheEngine object	Definition You can cache error codes returned by the origin server on CDN PoPs. When users request the same resources, CDN directly returns the error codes to the users. Constraints N/A

**Table 8** flexibleOriginsEngine
Parameter	Mandatory	Type	Description
sources_type	Yes	String	Definition Origin server type. Constraints N/A Range ipaddr: origin server IP address. domain: origin server domain name. obs_bucket: OBS bucket domain name. third_bucket: third-party bucket domain name. Default Value N/A
ip_or_domain	Yes	String	Definition IP address or domain name of the origin server. Constraints N/A Range N/A Default Value N/A
obs_bucket_type	No	String	Definition OBS bucket type. Constraints Mandatory when the origin server is an OBS bucket. Range private: private bucket. public: public bucket. Default Value public
bucket_access_key	No	String	Definition Access key of the third-party bucket. Constraints Mandatory when the origin server is a third-party bucket. Range N/A Default Value N/A
bucket_secret_key	No	String	Definition Secret key of the third-party bucket. Constraints Mandatory when the origin server is a third-party bucket. Range N/A Default Value N/A
bucket_region	No	String	Definition Region of the third-party bucket. Constraints Mandatory when the origin server is a third-party bucket. Range N/A Default Value N/A
bucket_name	No	String	Definition Name of the third-party bucket. Constraints Mandatory when the origin server is a third-party bucket. Range N/A Default Value N/A
host_name	No	String	Definition Host header. Constraints N/A Range N/A Default Value Acceleration domain name.
origin_protocol	No	String	Definition Request protocol for CDN origin pull. Constraints N/A Range follow: same as user. http: HTTP. https: HTTPS. Default Value http
http_port	No	Integer	Definition HTTP port. Constraints N/A Range 1 to 65,535. Default Value 80
https_port	No	Integer	Definition HTTPS port. Constraints N/A Range 1 to 65,535. Default Value 443
priority	Yes	Integer	Definition Priority. A larger value indicates a higher priority. Constraints N/A Range 1 to 100. Default Value N/A
weight	Yes	Integer	Definition Weight. A larger value indicates that content is pulled from this origin server more frequently. If there are multiple origin servers with the same priority, the weight determines the proportion of content pulled from each origin server. Constraints N/A Range 1 to 100. Default Value N/A

**Table 9** OriginRequestHeader
Parameter	Mandatory	Type	Description
name	Yes	String	Definition Name of an origin request header. Constraints N/A Range Enter 1 to 100 characters. Use only letters, digits, and hyphens (-). Start with a letter. Default Value N/A
value	No	String	Definition Value of the origin request header. Constraints N/A Range Enter 1 to 1,000 characters. Use only letters, digits, and the following special characters: .-_#!&+\|^~'"/:;,=@?<> This parameter is optional when the header is to be deleted. Chinese characters are not allowed. Variables, such as $client_ip* and $remote_port, are not allowed. Default Value N/A
action	Yes	String	Definition Operation type of the origin request header. Constraints A request header field can only be deleted or set. When action is set to set, if the header does not exist in the original origin request, it is added. If it exists, it is modified. Range delete set Default Value N/A

**Table 10** HttpResponseHeader
Parameter	Mandatory	Type	Description
name	Yes	String	Definition Name of an HTTP response header. Constraints N/A Range Enter 1 to 100 characters. Use only letters, digits, and hyphens (-). Start with a letter. Default Value N/A
value	No	String	Definition Value of the HTTP response header. Constraints N/A Range Enter 1 to 1,000 characters. Use only letters, digits, and the following special characters: .-_#!&+\|^~'"/:;,=@?<> This parameter is optional when the header is to be deleted. Default Value* N/A
action	Yes	String	Definition Operation type of the HTTP response header. Constraints A response header field can only be deleted or set. When action is set to set, if the header does not exist in the original HTTP response, it is added. If it exists, it is modified. Range set delete Default Value N/A

**Table 11** AccessControl
Parameter	Mandatory	Type	Description
type	Yes	String	Definition Access control type. Constraints N/A Range block: Block. trust: Allow. Default Value N/A

**Table 12** RequestLimitRulesEngine
Parameter	Mandatory	Type	Description
limit_rate_after	Yes	Long	Definition Rate limit condition. NOTE: For example, type=size,limit_rate_after=50 indicates that the speed is limited to the value of limit_rate_value after 50 bytes are transmitted. Constraints N/A Range 0 to 1,073,741,824, in bytes. Default Value N/A
limit_rate_value	Yes	Integer	Definition Rate limit, that is, the maximum access speed after the rate limit is reached. Constraints N/A Range 0 to 104,857,600, in bit/s. Default Value N/A

**Table 13** OriginRequestUrlRewriteEngine
Parameter	Mandatory	Type	Description
rewrite_type	Yes	String	Definition Rewrite method. Constraints N/A Range simple: exact. wildcard: capturing. regex: regular expression. (for whitelisted customers only. Submit a service ticket to enable this function.) Default Value N/A
source_url	No	String	Definition URI to rewrite. Constraints This parameter is mandatory when rewrite_type is set to wildcard or regex. When rewrite_type is set to regex, this parameter must start with ^/. Example: ^/test. Range Enter 1 to 512 characters. Wildcards () are supported. Example: /test//.mp4. A URI starts with a slash (/) and does not contain http://, https://, or the domain name. Default Value* N/A
target_url	Yes	String	Definition URI after rewrite. Constraints Range Enter 1 to 256 characters. A URI starts with a slash (/) and does not contain http://, https://, or the domain name. NOTE: The nth wildcard () field can be captured by $n, where n = 1, 2, 3, .... Example: /newtest/$1/$2.jpg. Default Value* N/A

**Table 14** CacheRulesEngine
Parameter	Mandatory	Type	Description
ttl	Yes	Integer	Definition TTL of a resource cached on CDN PoPs. Constraints Up to 365 days. Range N/A Default Value N/A
ttl_unit	Yes	String	Definition Unit of the cache TTL. Constraints N/A Range s: second. m: minute. h: hour. d: day. Default Value N/A
follow_origin	Yes	String	Definition Source of the cache TTL, that is, whether CDN PoPs use the cache TTL set on the origin server or that set in cache rules on CDN. Constraints N/A Range on: CDN PoPs use the TTL set on the origin server. off: CDN PoPs use the TTL set in cache rules. min_ttl: CDN PoPs use the shorter TTL between the TTL set on the origin server and that in cache rules. Default Value off
force_cache	No	String	Definition Forcible cache. Specify whether CDN PoP cache ignores the no-cache, private, and no-store fields in the Cache-Control response header sent from the origin server. Constraints Forcible cache is used together with cache TTL source. For details about the restrictions and configuration effect, see section "PoP Cache Rules" in the User Guide of CDN. Range on: enabled. off: disabled. Default Value off

**Table 15** RequestUrlRewriteEngine
Parameter	Mandatory	Type	Description
redirect_status_code	No	Integer	Definition Redirection status code. Constraints N/A Range 301 302 303 307 Default Value N/A
redirect_url	Yes	String	Definition Redirection URL. Constraints A target URL starts with a slash (/) and does not contain http://, https://, or the domain name. Example: /test/index.html. When the match type is set to full path, the wildcard () can be captured by $1. For example, if the content is /test/.jpg and the redirection URL is /newtest/$1.jpg, when a user requests /test/11.jpg, $1 is replaced by 11, so the requested URL after redirection is /newtest/11.jpg. Range N/A Default Value** N/A
redirect_host	Yes	String	Definition Domain name to which client requests are redirected. Constraints N/A Range Enter 1 to 255 characters. Start with http:// or https://. Default Value Acceleration domain name.
execution_mode	Yes	String	Definition Action. Constraints N/A Range redirect: If the requested URL matches this rule, the request is redirected to the target URL. After this rule is executed, if other rules exist, CDN continues to execute these rules. break: If the requested URL matches this rule, the request is redirected to the target URL. After this rule is executed, CDN does not execute any other rules and returns status code 200. You cannot set the redirection host or status code. Default Value N/A

**Table 16** BrowserCacheRulesEngine
Parameter	Mandatory	Type	Description
cache_type	Yes	String	Definition Cache effective type. Constraints N/A Range follow_origin: The cache policy of the origin server, that is, the setting of the Cache-Control header, is used. ttl: The TTL set in this rule is used. never: Browsers do not cache the resources. Default Value N/A
ttl	No	Integer	Definition Cache TTL. Constraints Up to 365 days. Mandatory when the cache effective type is set to ttl. Range N/A Default Value N/A
ttl_unit	No	String	Definition Unit of the cache TTL. Constraints Mandatory when the cache effective type is set to ttl. Range s: second. m: minute. h: hour. d: day. Default Value N/A

**Table 17** ErrorCodeCacheEngine
Parameter	Mandatory	Type	Description
code	Yes	Integer	Definition Error codes to cache. Constraints N/A Range 3xx: 301 and 302. 4xx: 400, 403, 404, 405, and 414. 5xx: 501, 502, 503, and 504. Default Value N/A
ttl	Yes	Integer	Definition Error code cache TTL. Constraints N/A Range 0 to 31,536,000, in seconds. NOTE: The cache TTL of 3XX status codes ranges from 0s to 20s. Default Value N/A

Response Parameters

Status code: 204

Request succeeded.

None

Example Requests

POST https://cdn.myhuaweicloud.com/v1.0/cdn/configuration/domains/www.example/rules

{
  "name" : "example",
  "status" : "on",
  "priority" : 1,
  "conditions" : {
    "match" : {
      "logic" : "and",
      "criteria" : [ {
        "match_target_type" : "scheme",
        "match_type" : "contains",
        "match_pattern" : [ "HTTP" ],
        "negate" : false,
        "case_sensitive" : false
      } ]
    }
  },
  "actions" : [ {
    "access_control" : {
      "type" : "block"
    }
  } ]
}

Example Responses

None

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.GlobalCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cdn.v2.region.CdnRegion;
import com.huaweicloud.sdk.cdn.v2.*;
import com.huaweicloud.sdk.cdn.v2.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateRuleNewSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new GlobalCredentials()
                .withAk(ak)
                .withSk(sk);

        CdnClient client = CdnClient.newBuilder()
                .withCredential(auth)
                .withRegion(CdnRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateRuleNewRequest request = new CreateRuleNewRequest();
        request.withDomainName("{domain_name}");
        CreateRuleRequest body = new CreateRuleRequest();
        AccessControl accessControlActions = new AccessControl();
        accessControlActions.withType("block");
        List<Actions> listbodyActions = new ArrayList<>();
        listbodyActions.add(
            new Actions()
                .withAccessControl(accessControlActions)
        );
        List<String> listCriteriaMatchPattern = new ArrayList<>();
        listCriteriaMatchPattern.add("HTTP");
        List<Criteria> listMatchCriteria = new ArrayList<>();
        listMatchCriteria.add(
            new Criteria()
                .withMatchTargetType("scheme")
                .withMatchType("contains")
                .withMatchPattern(listCriteriaMatchPattern)
                .withNegate(false)
                .withCaseSensitive(false)
        );
        Match matchConditions = new Match();
        matchConditions.withLogic("and")
            .withCriteria(listMatchCriteria);
        Conditions conditionsbody = new Conditions();
        conditionsbody.withMatch(matchConditions);
        body.withActions(listbodyActions);
        body.withConditions(conditionsbody);
        body.withPriority(1);
        body.withStatus("on");
        body.withName("example");
        request.withBody(body);
        try {
            CreateRuleNewResponse response = client.createRuleNew(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import GlobalCredentials
from huaweicloudsdkcdn.v2.region.cdn_region import CdnRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcdn.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]

    credentials = GlobalCredentials(ak, sk)

    client = CdnClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CdnRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateRuleNewRequest()
        request.domain_name = "{domain_name}"
        accessControlActions = AccessControl(
            type="block"
        )
        listActionsbody = [
            Actions(
                access_control=accessControlActions
            )
        ]
        listMatchPatternCriteria = [
            "HTTP"
        ]
        listCriteriaMatch = [
            Criteria(
                match_target_type="scheme",
                match_type="contains",
                match_pattern=listMatchPatternCriteria,
                negate=False,
                case_sensitive=False
            )
        ]
        matchConditions = Match(
            logic="and",
            criteria=listCriteriaMatch
        )
        conditionsbody = Conditions(
            match=matchConditions
        )
        request.body = CreateRuleRequest(
            actions=listActionsbody,
            conditions=conditionsbody,
            priority=1,
            status="on",
            name="example"
        )
        response = client.create_rule_new(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
    cdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := global.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := cdn.NewCdnClient(
        cdn.CdnClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.CreateRuleNewRequest{}
	request.DomainName = "{domain_name}"
	accessControlActions := &model.AccessControl{
		Type: "block",
	}
	var listActionsbody = []model.Actions{
        {
            AccessControl: accessControlActions,
        },
    }
	var listMatchPatternCriteria = List{
        "HTTP",
    }
	matchTargetTypeCriteria:= "scheme"
	matchTypeCriteria:= "contains"
	negateCriteria:= false
	caseSensitiveCriteria:= false
	var listCriteriaMatch = []model.Criteria{
        {
            MatchTargetType: &matchTargetTypeCriteria,
            MatchType: &matchTypeCriteria,
            MatchPattern: &listMatchPatternCriteria,
            Negate: &negateCriteria,
            CaseSensitive: &caseSensitiveCriteria,
        },
    }
	matchConditions := &model.Match{
		Logic: "and",
		Criteria: listCriteriaMatch,
	}
	conditionsbody := &model.Conditions{
		Match: matchConditions,
	}
	request.Body = &model.CreateRuleRequest{
		Actions: listActionsbody,
		Conditions: conditionsbody,
		Priority: int32(1),
		Status: "on",
		Name: "example",
	}
	response, err := client.CreateRuleNew(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     