Either one or all conditions must match for a rule to be evaluated. Conditions can be ordered.
What we are evaluating.
Type | Explanation |
---|---|
header | If used, the header name must be specified in the "name" attribute. |
method | The method of the request. GET, POST, HEAD etc. |
port | The port that the web application server is running on. |
time | Current time at the server (this will be the number of seconds since 00:00:00 1970-01-01 UTC otherwise known as unix time). i.e. (new Date()).getTime() This can be used for making sure content goes live only at a time you set. |
year | Current year at the server. i.e. (Calendar.getInstance()).get(Calendar.YEAR) |
month | Month at the server. January is 0 i.e. (Calendar.getInstance()).get(Calendar.MONTH) |
dayofmonth | Day of the month at the server. March first is 1 i.e. (Calendar.getInstance()).get(Calendar.DAY_OF_MONTH) |
dayofweek | Day of the week at the server. Saturday is 1, Sunday is 7 i.e. (Calendar.getInstance()).get(Calendar.DAY_OF_WEEK) |
ampm | AM or PM time at the server. i.e. (Calendar.getInstance()).get(Calendar.AM_PM) |
hourofday | The hour of the day (24 hour clock) at the server. 10pm is 22 i.e. (Calendar.getInstance()).get(Calendar.HOUR_OF_DAY) |
minute | The minute field of the current time at the server. i.e. (Calendar.getInstance()).get(Calendar.MINUTE) |
second | The second field of the current time at the server. i.e. (Calendar.getInstance()).get(Calendar.SECOND) |
millisecond | The millisecond field of the current time at the server. i.e. (Calendar.getInstance()).get(Calendar.MILLISECOND) |
attribute | Will check the value of a request attribute (don't confuse this with parameter!), name must be set when using this type. i.e. request.getAttribute([name]) |
auth-type | Will check the value of a request attribute (don't confuse this with parameter!) i.e. request.getAuthType() |
character-encoding | The character encoding of the incoming request. i.e. request.getCharacterEncoding() |
content-length | The length of the imcoming request (can be useful if you want to deny large requests). i.e. request.getContentLength() |
content-type | The type of the imcoming request. (this is probably not that useful) i.e. request.getContentType() |
context-path | The context path of the imcoming request. i.e. request.getContextPath() |
cookie | The value of a cookie, note, name must be specified to use this i.e. request.getCookies() the find we the one with [name] specified and check the value. |
parameter | A tidier way of checking request parameters than looking for them in the query string. This will check for the parameter in GET or POST, note, name must be specified. i.e. request.getParameter([name]) |
path-info | i.e. request.getPathInfo() |
path-translated | i.e. request.getPathTranslated() |
protocol | The protocol used to make the request, e.g. HTTP/1.1 i.e. request.getProtocol() |
query-string | The query string used to make the request (if any), e.g. id=2345&name=bob i.e. request.getQueryString() |
remote-addr | The IP address of the host making the request, e.g. 123.123.123.12 i.e. request.getRemoteAddr() |
remote-host | The host name of the host making the request, e.g. 123qw-dsl.att.com (note, this will only work if your app server is configured to look up host names, most aren't). i.e. request.getRemoteHost() |
remote-user | The login of the user making this request, if the user has been authenticated, e.g. bobt i.e. request.getRemoteUser() |
requested-session-id | Returns the session ID specified by the client, e.g. 2344asd234sada4 i.e. request.getRequestedSessionId() |
requested-session-id-from-cookie | Whether the requested session ID is from a cookie or not i.e. request.isRequestedSessionIdFromCookie() |
requested-session-id-from-url | Whether the requested session ID is from the URL or not i.e. request.isRequestedSessionIdFromURL() |
requested-session-id-valid | Whether the requested session ID is valid or not i.e. request.isRequestedSessionIdValid() |
request-uri | Returns the part of this request's URL from the protocol name up to the query string in the first line of the HTTP request i.e. request.getRequestURI() |
request-url | Reconstructs the URL the client used to make the request. The returned URL contains a protocol, server name, port number, and server path, but it does not include query string parameters. i.e. request.getRequestURL() |
session-attribute | (note, name must be set) i.e. session.getAttribute([name]) |
session-isnew | Weather the session is new or not. i.e. session.isNew() |
server-name | The host name of the server to which the request was sent (from the host header not the machine name). i.e. request.getServerName() |
scheme | The scheme used for the request, e.g. http or https i.e. request.getScheme() |
user-in-role | (Note, the value for this cannot be a regular expression) i.e. request.isUserInRole([value]) |
The following types require an extra parameter
Type | Parameter |
---|---|
header | The name of the header to evaluate |
attribute | The name of the request attribute to evaluate |
cookie | The name of the cookie to evaluate |
parameter | The name of the request parameter to evaluate |
session-attribute | The name of the session-attribute to evaluate |