--- title: "Support Matrix for Custom Signature Rules" slug: "support-matrix-custom-signature-rules" description: "Traceable’s Custom Signature Rules and Support Matrix help you configure precise API protections across all supported WAF integrations. It helps you quickly identify supported attributes and operations to ensure consistent, effective threat detection." updated: 2026-01-13T10:05:52Z published: 2026-01-13T10:05:52Z --- > ## Documentation Index > Fetch the complete documentation index at: https://traceabledocs.document360.io/llms.txt > Use this file to discover all available pages before exploring further. # Support Matrix for Custom Signature Rules ##### Updates (January 2026 to March 2026) - *January 2026 —*Updated the topic to add information about each WAF integration topic. For more information, see [Supported Attributes and Operators for WAF Integrations](/v1/docs/support-matrix-custom-signature-rules#supported-attributes-and-operators-for-waf-integrations). Traceable supports Custom Signature rules across multiple [WAF integrations](https://docs.traceable.ai/docs/waf-1), with varying support for specific attributes and operators. The support matrix serves as a reference for creating these rules, ensuring they are practical and efficient. The matrix highlights supported attributes, operators, and descriptions of each attribute supported. It helps you understand compatibility and implement rules effectively across environments. To create a Custom Signature rule, navigate to **Protection**→ **Settings**→ **Custom policy** and click the **Custom Signature**tab. The screenshot below highlights the attributes and supported operators for creating Custom Signature Rules. For more information, see [Custom Signature](https://docs.traceable.ai/docs/custom-policy#creating-custom-rules). ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/Traceable_cs_support matrix.gif) Custom Signature Rule Creation --- ## Support Matrix The matrix below explains a summary of how different WAF integrations handle request attributes and operators supported by each WAF integration, helping you configure rules that are reliable, effective, and consistent. > [!NOTE] > Note > > - *Azure* and *F5* WAF integrations do not support Custom Signature Rules. However, they support threat actors and malicious source rules (IP range only) > - The supported operators in the matrix below have the following implications: > - `==` implies matches exactly, and `!=` implies does not match exactly. > - `Contains` implies contains string, and `! contains` implies does not contain string. > - `Match` implies matches pattern, and `! match` implies does not match a pattern. > - `~` implies partially supported. | **Attributes** | **AWS** | **Akamai** | **Cloudflare** | **Fortinet** | **Google Cloud Armor** (**GCA)** | **Imperva** | **Supported Operators** | **Notes** | | --- | --- | --- | --- | --- | --- | --- | --- | --- | | Request URL | ✔ | ✖ | ✔ | ✔ | ✔ | ✔ | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | One expression is required for Google Cloud Armor integration. | | Request Header Name | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | `==`, `!=`, `contains`, `match`, `!match` | - One expression is required for Google Cloud Armor integration. - For Fortinet, the Request Header key supports the `contains` operator, but Traceable requires configuring it with the `==` operator as it does not support partial matches. | | Request Header Value | ✖ | ✔ | ✔ | ✖ | ✔ | ✔ | `==`, `contains`, `match` | - AWS and Fortinet do not support Request Header Value. - Akamai only supports `==` and `match` operators. | | Request Parameter Name | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | `==`, `!=`, `contains`, `match`, `!match` | Fortinet does not support the `!match `operation. | | Request Parameter Value | ✔ | ✖ | ✔ | ✔ | ✔ | ✔ | `==`, `contains`, `match` | Fortinet does not support the `!match `operation. | | Request HTTP Method | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | - The Request HTTP supports Standard methods: GET, POST, HEAD, PUT, DELETE, OPTIONS, TRACE, and CONNECT. - One expression is required for Google Cloud Armor integration. | | Request Host | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Two expressions are required for Google Cloud Armor integration. | | Request User-Agent | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | `==`, `!=`, `contains`, `!contain`, `match`, `!match` | Two expressions are required for Google Cloud Armor integration. | | Request Body | ✔ | ✖ | **~** | ✖ | ✔ | ✖ | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Cloudflare WAF is only supported for Advanced/Enterprise modes. | | Request Cookie Name | ✖ | ✔ | ✔ | ✖ | ✔ | ✔ | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Two expressions are required for Google Cloud Armor integration. | | Request Cookie Value | ✖ | ✔ | ✔ | ✖ | ✔ | ✔ | `==`, `contains`, `match` | Two expressions are required for Google Cloud Armor integration. | | Header (Key+Value) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | Key : `==`, `!=`, `match`, `!match` Value: `==`, `!=`, `contains`, `!contains`, `match`, `!match` | - The Request Header Key only supports the `==` operation. - Request Header Value only supports `==` and `!=` operators. | | Cookie (Key+Value) | ✖ | ✔ | ✔ | ✖ | ✔ | ✔ | Key : `==`, `!=`, `match`, `!match` Value: `==`, `!=`, `contains`, `!contains`, `match`, `!match` | - Request Cookie Key only supports the `==` operation. - Request Header Value only supports `==` and `!=` operators. | | Parameter (Key+Value) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | Key : `==`, `!=`, `match`, `!match` Value: `==`, `!=`, `contains`, `!contains`, `match`, `!match` | - The Request Parameter Key only supports the `==` operation. - Request Header Value only supports `==` and `!=` operators. - In Fortinet, the Request Parameter supports all operators except `! Match`. - When multiple conditions are applied, Fortinet evaluates them using OR expressions rather than AND. | | Regex Pattern Matching | ✔ | ✖ | ✔ | ✔ | ✔ | ✔ | `match`, `!match` | - Cloudflare integration supports regular expression (regex) patterns in Business/Enterprise plans only. - Akamai does not support regular expression (Regex) pattern matching. | --- ## Supported Attributes and Operators for WAF Integrations Traceable supports a list of third-party WAF integrations that support Custom Signature rules, and you can set up one or more integrations from your Traceable platform. For more information, see [WAF Integrations](https://docs.traceable.ai/docs/waf-1). The following is a list of supported third-party WAFs that support Custom Signature rules: - AWS Integration - Akamai Integration - Cloudflare - Google Cloud Armor (GCA) - Fortinet - Imperva The following section provides information on the supported attributes and operators for each WAF mentioned above. Expand each section to learn more. ****AWS Integration**** The matrix below highlights the attributes and supported operators for the AWS WAF integration. | Attributes | Supported Operators | Description | Notes | | --- | --- | --- | --- | | Request URL | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the full request URL string. | — | | Request header name | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the names of headers in the HTTP request. | — | | Request header value | Not supported | Matches the values of headers in the HTTP request. | AWS does not support Request Header Value. | | Request parameter value | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches parameter names in query strings or form data. | — | | Request HTTP method | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the HTTP method used in the request, such as GET or POST. | — | | Request Host | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the user-agent string in the request header. | — | | HTTP User-Agent | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the user-agent string in the request header. | — | | Request body | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the raw body content of the HTTP request. | — | | Request Cookie name | Not supported | Matches cookie names. | — | | Request cookie value | Not supported | Matches cookie values. | — | ****Akamai Integration**** The matrix below highlights the attributes and supported operators for the Akamai WAF integration. | Attributes | Supported Operators | Description | Notes | | --- | --- | --- | --- | | Request URL | Not supported | Matches the complete request URL string. | — | | Request header name | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the names of headers in the HTTP request. | — | | Request Header Value | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the values of headers in the HTTP request. | Akamai only supports `==` and `match` operators. | | Request parameter name | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches parameter names in query strings or form data. | — | | Request parameter value | Not supported | Matches parameter values in query strings or form data. | — | | Request HTTP method | The following are supported: - GET - POST - HEAD - PUT - DELETE - HTTP_DELETE - OPTIONS - TRACE - CONNECT | Matches the HTTP method used in the request, such as GET or POST. | — | | Request Host | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the host portion of the request URL. | It has to be in the format, for example, `example.com`, `text.ai` | | Request user agent | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the user-agent string in the request header. | — | | Request HTTP body | Not supported | Matches the raw body content of the HTTP request. | — | | Request Cookie name | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches cookie names. | — | | Request cookie value | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches cookie values. | — | | Request header | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches specific header key-value pairs. | - The Request Header Key supports only an exact match action. - Request Header Value only supports exact match/not match. | | Request cookie | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches cookie key-value pairs. | - Request Cookie Key supports only an exact match action. - Request Cookie Value only supports exact match/not match. | | Request parameter | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches a specific parameter and its corresponding value in the URL or request body. | - The Request Parameter Key supports only an exact match action. - Request Parameter Value only supports exact match/not match. | | Regex Pattern | Not supported | Matches a specific regex pattern. | Akamai does not support regular expression (Regex) pattern matching. | ****Cloudflare**** The matrix below highlights the attributes and supported operators for the Cloudflare WAF integration. | Attribute | Supported Operators | Description | Notes | | --- | --- | --- | --- | | Request URL | `[not] http.request.full_uri eq / contains / matches` | Matches the complete request URL string. | — | | Request Header Name | `[not] any(http.request.headers.names[*] eq / contains / matches)` | Matches the names of headers in the HTTP request. | — | | Request Header Value | `[not] any(http.request.headers.values[*] eq / contains / matches)any(...[*][*])` for arrays | Matches the values of headers in the HTTP request. | It supports nested arrays. | | Request HTTP Method | `[not] http.request.method eq / contains / matches` | Matches the HTTP method used in the request, such as GET or POST. | — | | HTTP User-Agent | `[not] http.user_agent eq / contains / matches` | Matches the user-agent string in the request header. | — | | HTTP****Host | `[not] http.host eq / contains / matches` | Matches the host portion of the request URL. | — | | HTTP****Body | `[not] http.request.body.raw eq / contains / matches` | Matches the raw body content of the HTTP request. | It is available only with WAF Advanced or Enterprise Application Security Core plans. | | Specific Request****Header****Match | `any(http.request.headers["header-name"][*] == "value")` | Matches a specific header name with its value. | It does not support dynamic name–value pair comparison. | | Parameter Name + Value | `any(http.request.uri.args["param"][*] == "value")any(http.request.body.form["param"][*] == "value")` | Matches a specific parameter and its corresponding value in the URI or request body. | — | | Request Parameter Name | `any(http.request.uri.args.names[*] == "param")any(http.request.body.form.names == "param")` | Matches parameter names in query strings or form data. | — | | Request Parameter Value | `any(http.request.uri.args.values[*] == "value")any(http.request.body.form.values == "value")` | Matches parameter values in query strings or form data. | — | | Regex Matching | `http.request.<attribute>.matches("regex")` | Matches the specified attribute using a regular expression. | - It is supported only in business and enterprise plans**.** - It applies to most string-based attributes. | ****Google Cloud Armor**** The matrix below highlights the attributes and supported operators for the Google Cloud Armor WAF integration. > [!NOTE] > Note > > - Google Cloud Armor supports a maximum of five sub expressions for each rule with a custom expression. > - Google Cloud Armor has limitations on the maximum number of expressions that can be used to create a rule. For more information, see [Google Cloud Armor Limits](https://cloud.google.com/armor/quotas#limits). | Attributes | Supported Operators | Description | Notes | | --- | --- | --- | --- | | Request HTTP Method | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches HTTP methods such as GET and POST. | One expression is required for Google Cloud Armor integration. | | Request URL | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the request path (excluding query string). | One expression is required for Google Cloud Armor integration. | | Request Header Name | `==`, `!=` | Matches specific header names. | One expression is required for Google Cloud Armor integration. | | Request Header Value | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches specific header key-value pairs. | — | | Request Host | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the Host header in the request. | Two expressions are required for Google Cloud Armor integration. | | Request User-Agent | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the User-Agent header. | Two expressions are required for Google Cloud Armor integration. | | Request Cookie | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches cookie key-value pairs. | | | Request Cookie Name | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches cookie names. | Two expressions are required for Google Cloud Armor integration. | | Request Cookie Value | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches cookie values. | — | ****Fortinet**** The matrix below highlights the attributes and supported operators for the Fortinet WAF integration. | Attributes | Supported Operators | Description | Notes | | --- | --- | --- | --- | | HTTP Method | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches HTTP methods such as GET and POST. | — | | Request URL | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the request path (excluding query string). | — | | Request Header Name | `==`, `!=` | Matches specific header names. | - The request Header only allows the `contains` operator for the header name, while it supports all operators for the Header value. - However, in Traceable, the header name should be configured as the `==` operator since `contains` is not supported in Traceable for the request header. | | Request Header | Not Supported | Matches specific header key-value pairs. | — | | Host | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the Host header in the request. | — | | User-Agent | `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches the User-Agent header. | — | | Cookie | Not Supported | Matches cookie key-value pairs. | — | | Cookie Name | Not Supported | Matches cookie names. | — | | Cookie Value | Not Supported | Matches cookie values. | — | | Parameter (Key+Value) | Key : `==`, `!=`, `match`, `!match` Value: `==`, `!=`, `contains`, `!contains`, `match`, `!match` | Matches parameter key and its corresponding value | - The Request Parameter supports all operators except `!match` - If there are multiple conditions, it evaluates them using OR expressions rather than AND. | ****Imperva**** The Custom Signature rule type in the Imperva integration allows you to define website-specific blocking rules tailored to your application’s traffic. Each rule consists of a filter condition and an associated action. When rules are created through Traceable, only the rule attributes and operators exposed by Imperva’s APIs are available, so Traceable supports a defined subset of valid attribute–operator combinations for custom signature rules. The matrix below highlights the attributes and supported operators for the Imperva WAF integration. | Attributes | Supported Operators | Description | Notes | | --- | --- | --- | --- | | Request URL | `==`, `!=`, `contains`, `not contains` | Matches request path (excluding query string) | For `==` and `!=`, must start with `/` | | Request Header Name | `==`, `!=` | Matches specific header names | — | | Request Header Value | `==`, `!=`, `contains`, `not contains` | Matches specific header values | — | | Request Header | `==` | Matches a specific header | — | | Paramater Name | `==`, `!=` , `contains`, `not contains` | Checks for the existence of query parameters or POST fields | Example: `ParamExists != "test"` | | Parameter Value | `==` | Matches specific key-value pairs in query or POST data | Example: `ParamValue == {"Admin";"true"}` | | Parameter | `==`, `!=`, `contains`, `not contains` | Matches any value in query or POST data | Example: `AnyParamValue == "debug"` | | Request HTTP Method | `==`, `!=` | Matches HTTP methods (e.g., GET, POST) | — | | Host | `==`, `!=`, `contains`, `not contains` | Matches the Host header in the request | — | | User-Agent | `==`, `!=`, `contains`, `not contains` | Matches the User-Agent header | — | | Cookie Name | `==`, `!=`, `contains`, `not contains` | Matches cookie names | — | | Cookie Value | `==` | Matches specific cookie key-value pairs | Example: `CookieValue == {"SessionID";"abc"}` | Custom Signature rules allow you to define precise conditions for evaluating incoming requests by examining attributes, such as headers, cookies, parameters, or payloads. By specifying operators and values for these attributes, you can detect and block malicious or unwanted traffic that may bypass default security protections. These rules provide fine-grained control over threat detection, enabling you to enforce security policies according to your requirements. Using these rules, you can improve your API and application security, reducing false positives, and address attack patterns that standard signatures may not cover. Cookies are small pieces of data sent by a web server and stored on a user's device, typically a web browser. They are often used for session management, tracking user preferences, and maintaining state between HTTP requests. Cookies are not commonly used to transmit API Keys or other sensitive authentication information because they are more susceptible to various security vulnerabilities like cross-site scripting (XSS) attacks and cross-site request forgery (CSRF) attacks.