Support Matrix for Custom Signature Rules

Updates (January 2026 to March 2026)

January 2026 — Updated the topic to add information about each WAF integration topic. For more information, see Supported Attributes and Operators for WAF Integrations.

Traceable supports Custom Signature rules across multiple WAF integrations, with varying support for specific attributes and operators. The support matrix serves as a reference for creating these rules, ensuring they are practical and efficient. The matrix highlights supported attributes, operators, and descriptions of each attribute supported. It helps you understand compatibility and implement rules effectively across environments. To create a Custom Signature rule, navigate to Protection → Settings → Custom policy and click the Custom Signature tab.

The screenshot below highlights the attributes and supported operators for creating Custom Signature Rules. For more information, see Custom Signature.

Support Matrix

The matrix below explains a summary of how different WAF integrations handle request attributes and operators supported by each WAF integration, helping you configure rules that are reliable, effective, and consistent.

Note
Azure and F5 WAF integrations do not support Custom Signature Rules. However, they support threat actors and malicious source rules (IP range only)
The supported operators in the matrix below have the following implications:
== implies matches exactly, and != implies does not match exactly.
Contains implies contains string, and ! contains implies does not contain string.
Match implies matches pattern, and ! match implies does not match a pattern.
~ implies partially supported.

Attributes	AWS	Akamai	Cloudflare	Fortinet	Google Cloud Armor (GCA)	Imperva	Supported Operators	Notes
Request URL	✔	✖	✔	✔	✔	✔	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	One expression is required for Google Cloud Armor integration.
Request Header Name	✔	✔	✔	✔	✔	✔	`==`, `!=`, `contains`, `match`, `!match`	One expression is required for Google Cloud Armor integration. For Fortinet, the Request Header key supports the `contains` operator, but Traceable requires configuring it with the `==` operator as it does not support partial matches.
Request Header Value	✖	✔	✔	✖	✔	✔	`==`, `contains`, `match`	AWS and Fortinet do not support Request Header Value. Akamai only supports `==` and `match` operators.
Request Parameter Name	✔	✔	✔	✔	✔	✔	`==`, `!=`, `contains`, `match`, `!match`	Fortinet does not support the `!match` operation.
Request Parameter Value	✔	✖	✔	✔	✔	✔	`==`, `contains`, `match`	Fortinet does not support the `!match` operation.
Request HTTP Method	✔	✔	✔	✔	✔	✔	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	The Request HTTP supports Standard methods: GET, POST, HEAD, PUT, DELETE, OPTIONS, TRACE, and CONNECT. One expression is required for Google Cloud Armor integration.
Request Host	✔	✔	✔	✔	✔	✔	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Two expressions are required for Google Cloud Armor integration.
Request User-Agent	✔	✔	✔	✔	✔	✔	`==`, `!=`, `contains`, `!contain`, `match`, `!match`	Two expressions are required for Google Cloud Armor integration.
Request Body	✔	✖	~	✖	✔	✖	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Cloudflare WAF is only supported for Advanced/Enterprise modes.
Request Cookie Name	✖	✔	✔	✖	✔	✔	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Two expressions are required for Google Cloud Armor integration.
Request Cookie Value	✖	✔	✔	✖	✔	✔	`==`, `contains`, `match`	Two expressions are required for Google Cloud Armor integration.
Header (Key+Value)	✔	✔	✔	✔	✔	✔	Key : `==`, `!=`, `match`, `!match` Value: `==`, `!=`, `contains`, `!contains`, `match`, `!match`	The Request Header Key only supports the `==` operation. Request Header Value only supports `==` and `!=` operators.
Cookie (Key+Value)	✖	✔	✔	✖	✔	✔	Key : `==`, `!=`, `match`, `!match` Value: `==`, `!=`, `contains`, `!contains`, `match`, `!match`	Request Cookie Key only supports the `==` operation. Request Header Value only supports `==` and `!=` operators.
Parameter (Key+Value)	✔	✔	✔	✔	✔	✔	Key : `==`, `!=`, `match`, `!match` Value: `==`, `!=`, `contains`, `!contains`, `match`, `!match`	The Request Parameter Key only supports the `==` operation. Request Header Value only supports `==` and `!=` operators. In Fortinet, the Request Parameter supports all operators except `! Match`. When multiple conditions are applied, Fortinet evaluates them using OR expressions rather than AND.
Regex Pattern Matching	✔	✖	✔	✔	✔	✔	`match`, `!match`	Cloudflare integration supports regular expression (regex) patterns in Business/Enterprise plans only. Akamai does not support regular expression (Regex) pattern matching.

Supported Attributes and Operators for WAF Integrations

Traceable supports a list of third-party WAF integrations that support Custom Signature rules, and you can set up one or more integrations from your Traceable platform. For more information, see WAF Integrations. The following is a list of supported third-party WAFs that support Custom Signature rules:

AWS Integration
Akamai Integration
Cloudflare
Google Cloud Armor (GCA)
Fortinet
Imperva

The following section provides information on the supported attributes and operators for each WAF mentioned above. Expand each section to learn more.

AWS Integration

The matrix below highlights the attributes and supported operators for the AWS WAF integration.

Attributes	Supported Operators	Description	Notes
Request URL	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the full request URL string.	—
Request header name	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the names of headers in the HTTP request.	—
Request header value	Not supported	Matches the values of headers in the HTTP request.	AWS does not support Request Header Value.
Request parameter value	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches parameter names in query strings or form data.	—
Request HTTP method	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the HTTP method used in the request, such as GET or POST.	—
Request Host	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the user-agent string in the request header.	—
HTTP User-Agent	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the user-agent string in the request header.	—
Request body	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the raw body content of the HTTP request.	—
Request Cookie name	Not supported	Matches cookie names.	—
Request cookie value	Not supported	Matches cookie values.	—

Akamai Integration

The matrix below highlights the attributes and supported operators for the Akamai WAF integration.

Attributes	Supported Operators	Description	Notes
Request URL	Not supported	Matches the complete request URL string.	—
Request header name	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the names of headers in the HTTP request.	—
Request Header Value	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the values of headers in the HTTP request.	Akamai only supports `==` and `match` operators.
Request parameter name	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches parameter names in query strings or form data.	—
Request parameter value	Not supported	Matches parameter values in query strings or form data.	—
Request HTTP method	The following are supported: GET POST HEAD PUT DELETE HTTP_DELETE OPTIONS TRACE CONNECT	Matches the HTTP method used in the request, such as GET or POST.	—
Request Host	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the host portion of the request URL.	It has to be in the format, for example, `example.com`, `text.ai`
Request user agent	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the user-agent string in the request header.	—
Request HTTP body	Not supported	Matches the raw body content of the HTTP request.	—
Request Cookie name	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches cookie names.	—
Request cookie value	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches cookie values.	—
Request header	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches specific header key-value pairs.	The Request Header Key supports only an exact match action. Request Header Value only supports exact match/not match.
Request cookie	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches cookie key-value pairs.	Request Cookie Key supports only an exact match action. Request Cookie Value only supports exact match/not match.
Request parameter	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches a specific parameter and its corresponding value in the URL or request body.	The Request Parameter Key supports only an exact match action. Request Parameter Value only supports exact match/not match.
Regex Pattern	Not supported	Matches a specific regex pattern.	Akamai does not support regular expression (Regex) pattern matching.

Cloudflare

The matrix below highlights the attributes and supported operators for the Cloudflare WAF integration.

Attribute	Supported Operators	Description	Notes
Request URL	`[not] http.request.full_uri eq / contains / matches`	Matches the complete request URL string.	—
Request Header Name	`[not] any(http.request.headers.names[*] eq / contains / matches)`	Matches the names of headers in the HTTP request.	—
Request Header Value	`[not] any(http.request.headers.values[] eq / contains / matches)any(...[][*])` for arrays	Matches the values of headers in the HTTP request.	It supports nested arrays.
Request HTTP Method	`[not] http.request.method eq / contains / matches`	Matches the HTTP method used in the request, such as GET or POST.	—
HTTP User-Agent	`[not] http.user_agent eq / contains / matches`	Matches the user-agent string in the request header.	—
HTTP Host	`[not] http.host eq / contains / matches`	Matches the host portion of the request URL.	—
HTTP Body	`[not] http.request.body.raw eq / contains / matches`	Matches the raw body content of the HTTP request.	It is available only with WAF Advanced or Enterprise Application Security Core plans.
Specific Request Header Match	`any(http.request.headers["header-name"][*] == "value")`	Matches a specific header name with its value.	It does not support dynamic name–value pair comparison.
Parameter Name + Value	`any(http.request.uri.args["param"][] == "value")any(http.request.body.form["param"][] == "value")`	Matches a specific parameter and its corresponding value in the URI or request body.	—
Request Parameter Name	`any(http.request.uri.args.names[*] == "param")any(http.request.body.form.names == "param")`	Matches parameter names in query strings or form data.	—
Request Parameter Value	`any(http.request.uri.args.values[*] == "value")any(http.request.body.form.values == "value")`	Matches parameter values in query strings or form data.	—
Regex Matching	`http.request.<attribute>.matches("regex")`	Matches the specified attribute using a regular expression.	It is supported only in business and enterprise plans. It applies to most string-based attributes.

Google Cloud Armor

The matrix below highlights the attributes and supported operators for the Google Cloud Armor WAF integration.

Note
Google Cloud Armor supports a maximum of five sub expressions for each rule with a custom expression.
Google Cloud Armor has limitations on the maximum number of expressions that can be used to create a rule. For more information, see Google Cloud Armor Limits.

Attributes	Supported Operators	Description	Notes
Request HTTP Method	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches HTTP methods such as GET and POST.	One expression is required for Google Cloud Armor integration.
Request URL	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the request path (excluding query string).	One expression is required for Google Cloud Armor integration.
Request Header Name	`==`, `!=`	Matches specific header names.	One expression is required for Google Cloud Armor integration.
Request Header Value	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches specific header key-value pairs.	—
Request Host	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the Host header in the request.	Two expressions are required for Google Cloud Armor integration.
Request User-Agent	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the User-Agent header.	Two expressions are required for Google Cloud Armor integration.
Request Cookie	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches cookie key-value pairs.
Request Cookie Name	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches cookie names.	Two expressions are required for Google Cloud Armor integration.
Request Cookie Value	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches cookie values.	—

Fortinet

The matrix below highlights the attributes and supported operators for the Fortinet WAF integration.

Attributes	Supported Operators	Description	Notes
HTTP Method	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches HTTP methods such as GET and POST.	—
Request URL	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the request path (excluding query string).	—
Request Header Name	`==`, `!=`	Matches specific header names.	The request Header only allows the `contains` operator for the header name, while it supports all operators for the Header value. However, in Traceable, the header name should be configured as the `==` operator since `contains` is not supported in Traceable for the request header.
Request Header	Not Supported	Matches specific header key-value pairs.	—
Host	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the Host header in the request.	—
User-Agent	`==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches the User-Agent header.	—
Cookie	Not Supported	Matches cookie key-value pairs.	—
Cookie Name	Not Supported	Matches cookie names.	—
Cookie Value	Not Supported	Matches cookie values.	—
Parameter (Key+Value)	Key : `==`, `!=`, `match`, `!match` Value: `==`, `!=`, `contains`, `!contains`, `match`, `!match`	Matches parameter key and its corresponding value	The Request Parameter supports all operators except `!match` If there are multiple conditions, it evaluates them using OR expressions rather than AND.

Imperva

The Custom Signature rule type in the Imperva integration allows you to define website-specific blocking rules tailored to your application’s traffic. Each rule consists of a filter condition and an associated action. When rules are created through Traceable, only the rule attributes and operators exposed by Imperva’s APIs are available, so Traceable supports a defined subset of valid attribute–operator combinations for custom signature rules.

The matrix below highlights the attributes and supported operators for the Imperva WAF integration.

Attributes	Supported Operators	Description	Notes
Request URL	`==`, `!=`, `contains`, `not contains`	Matches request path (excluding query string)	For `==` and `!=`, must start with `/`
Request Header Name	`==`, `!=`	Matches specific header names	—
Request Header Value	`==`, `!=`, `contains`, `not contains`	Matches specific header values	—
Request Header	`==`	Matches a specific header	—
Paramater Name	`==`, `!=` , `contains`, `not contains`	Checks for the existence of query parameters or POST fields	Example: `ParamExists != "test"`
Parameter Value	`==`	Matches specific key-value pairs in query or POST data	Example: `ParamValue == {"Admin";"true"}`
Parameter	`==`, `!=`, `contains`, `not contains`	Matches any value in query or POST data	Example: `AnyParamValue == "debug"`
Request HTTP Method	`==`, `!=`	Matches HTTP methods (e.g., GET, POST)	—
Host	`==`, `!=`, `contains`, `not contains`	Matches the Host header in the request	—
User-Agent	`==`, `!=`, `contains`, `not contains`	Matches the User-Agent header	—
Cookie Name	`==`, `!=`, `contains`, `not contains`	Matches cookie names	—
Cookie Value	`==`	Matches specific cookie key-value pairs	Example: `CookieValue == {"SessionID";"abc"}`