Language
Wirefilter#
The wirefilter language is used in Peakhour.IO to define filters that identify matching requests and responses. This language is used throughout the request lifetime in Peakhour.IO's rules system, and it defines the available fields that can be used during each phase. The available fields are dependent on the stage of the request, and operators and functions can be used to define complex criteria.
Comparison operators#
When comparing fields in the wirefilter language, you can use the following comparison operators:
| operator | comparison |
|---|---|
| eq, == | Equal |
| ne, != | Not Equal |
| gt, > | Greater Than |
| lt, < | Less Than |
| ge, >= | Greater than or Equal to |
| le, <= | Less than or Equal to |
For example, to filter requests from a specific IP address, you could use the following filter:
ip.src eq 1.1.1.1
Search and match operators#
contains#
The "contains" operator allows you to search for a sequence of characters within a string. For example, you can use the following filter to search for a specific HTTP URL:
http.request.uri contains ".html"
This filter would match requests that contain ".html" in the URI.
Functions#
Functions provide additional capabilities for comparison and manipulation of values within the filter. You can find a comprehensive list of available functions in the Functions section of the documentation.
Logical expressions#
Tests can be combined using logical expressions, such as "and" and "or". The following table lists the available logical operators:
| operator | operator |
|---|---|
| and, && | Logical AND |
| or, | Logical OR |
| not, ! | Logical NOT |
You can also use parentheses to group expressions:
(ip.src eq 1.1.1.1 or ip.src eq 1.1.1.1) and http.request.uri eq "/"
Membership operator#
The membership operator allows you to check if a field matches a set of values. For example, to check against several IP addresses, you can use the following filter:
ip.src in {1.1.1.1,2.2.2.2}
This filter is equivalent to:
ip.src eq 1.1.1.1 or ip.src eq 2.2.2.2
Block Requests from a Specific IP Address
ip.src eq 1.1.1.1
Use cases#
In this section, we will explore some sample use cases for the wirefilter language to give a better understanding of its capabilities and versatility.
This rule matches any requests from the IP address 1.1.1.1 and can be used to block such requests.
- Match Requests for a Specific URL
http.request.uri eq "/index.html"
This rule matches only requests for the specific URL "/index.html" and can be used to allow only these requests.
- Match Requests with Query Strings
http.request.uri contains "?"
This rule matches any requests that contain query strings and can be used to block such requests.
- Block Requests with Specific User-Agent
any(http.request.headers["User-Agent"][*] == "BadBot")
This rule matches any requests with the specific User-Agent "BadBot" and can be used to block such requests.
- Match Requests with Specific Referer
any(http.request.headers["Referer"][*] == "https://www.example.com")
This rule matches any requests with the specific Referer "https://www.example.com" and can be used to allow only these requests.
These sample use cases serve to highlight the range of functionality that can be achieved with the wirefilter language in the Peakhour.IO service. With its support for comparison operators, functions, and logical expressions, along with the ability to check for membership and search for a sequence of characters, wirefilter offers a powerful tool to define rules and control the behavior of the service. By leveraging this language, users can further tailor the Peakhour.IO service to meet their specific needs.