Conditional Rules

Conditional Rules let you customize smoxy's behavior based on rich conditions like IP addresses, geographic location, headers, cookies, and more. Unlike Page Rules which stop at first match, Conditional Rules allow multiple rules to apply to the same request, making them perfect for complex, layered configurations.

What are Conditional Rules?

Conditional Rules allow you to override any smoxy configuration setting based on powerful conditional logic. They're ideal for scenarios where you need multiple configuration changes to stack together or when URL patterns alone aren't sufficient.

Key characteristics:

Execute fourth (last) in the rule sequence (after Access, Rewrite, and Page Rules)
Rich condition matching - IP, country, headers, cookies, user agents, and more
Evaluated in position order (1, 2, 3...)
All matching rules apply - multiple rules can modify the same request
Optional Stop - set stop=true to halt further evaluation
Can override any smoxy setting from your site configuration

How Conditional Rules Work

Conditional Rules are evaluated in ascending position order (1 → 2 → 3...) for every incoming request. When a rule's conditions match, its settings are applied, and evaluation continues to the next rule (unless stop=true).

Position-Based Evaluation

Request from Germany, mobile device
    ↓
Conditional Rule (Position 1) → Match (Country = DE)? → Apply Settings → CONTINUE
    ↓
Conditional Rule (Position 2) → Match (Mobile)? → Apply Settings → CONTINUE
    ↓
Conditional Rule (Position 3) → Match (URI = /api)? → No match → Skip
    ↓
Response (with settings from Rule 1 AND Rule 2)

Important: Unlike Page and Access Rules, Conditional Rules do not automatically stop after the first match. All matching rules apply their settings unless a rule has stop=true.

Conditions & Expressions

Conditional Rules use a rich condition builder that lets you match requests based on various characteristics including:

URI: Request path
Host: Domain name
IP: Client IP address or IP ranges
Country: ISO 3166-2 country code
City: Client's city
Subdivisions: State/region
Is European: Boolean - true if request is from EU
Method: HTTP method (GET, POST, PUT, DELETE, etc.)
User Agent: Browser or client identifier
Referer: Referring page URL
Accept Language: Client's preferred language
Cookie: Specific cookie value
Arg: Query parameter value
HTTP: Any HTTP header value
Cache-Control: Cache-Control header directives

Operators

Equal: Value matches exactly
Not Equal: Value doesn't match
In: Value is in a list
Not In: Value is not in a list
Matches: Matches regex pattern
Contains: Contains substring
Not Contains: Doesn't contain substring
Exists: Field exists (regardless of value)
Not Exists: Field doesn't exist

AND/OR Logic

Combine multiple conditions with AND/OR operators to create sophisticated rules:

(Country = "DE" OR Country = "AT" OR Country = "CH")
AND
URI starts with /checkout

Stop Behavior

The Stop option is unique to Conditional Rules and controls whether evaluation continues after a rule matches.

How Stop Works

When stop=false (default):

Rule's settings are applied
Evaluation continues to the next Conditional Rule
Multiple rules can modify the same request

When stop=true:

Rule's settings are applied
All subsequent Conditional Rules are skipped
Other rule types (Access, Rewrite, Page) are not affected

When to Use Stop

Use stop=true when:

A rule should be final and no further modifications are needed
You want to prevent conflicting settings from other rules
You're implementing maintenance mode or similar override scenarios

Example:

Position 1: IF (maintenance mode cookie) THEN (show maintenance page) STOP
Position 2: IF (office IP) THEN (disable auth) [never evaluated during maintenance]
Position 3: IF (mobile) THEN (optimize) [never evaluated during maintenance]

When to Use Conditional Rules

Use Conditional Rules When:

✅ You need complex conditions (IPs, countries, headers, cookies, etc.)
✅ You want multiple rules to apply to the same request
✅ You need advanced AND/OR logic with multiple conditions
✅ URL patterns alone aren't sufficient
✅ Different conditions require different configurations that should stack

Use Page Rules Instead When:

❌ You only need simple URL-based matching
❌ You want first match wins behavior
❌ The logic can be expressed with URL patterns only

Settings: Override Any Configuration

Conditional Rules can override any setting from your site's configuration, just like Page Rules. This includes:

Routing: Choose different origins or load balancers
Caching: Control cache TTL, cache keys, cache tags, bypass cache
Image Optimization: AVIF, WebP, JPEG, PNG quality levels
Security: Enable/disable WAF, basic auth, custom error pages
Headers: Add, modify, or remove request/response headers
Optimization: HTML/JS/CSS minification
Advanced: Maintenance mode, debug headers, proxy timeouts

Simply select the settings you want to override when creating or editing a Conditional Rule. The available settings are grouped by category in the smoxy dashboard.

Use Cases & Examples

Example 1: Geographic Content Optimization

Scenario: Serve higher quality images to users in wealthy markets, standard quality elsewhere.

Position: 1
Condition: Country in ["US", "GB", "DE", "CH", "AU"]
Settings:
- JPEG Quality: 85
- WebP Quality: 85

Position: 2
Condition: Country in ["IN", "BR", "MX"]
Settings:
- JPEG Quality: 70
- WebP Quality: 70

Result: Both rules can apply (if conditions match), US users get higher quality

Why not Page Rules? Page Rules can't match on country - you need Conditional Rules for geographic targeting.

Example 2: Disable Basic Auth for Office IPs

Scenario: Your site uses basic authentication, but your team shouldn't need to login from the office.

Position: 1
Condition: IP in [203.0.113.0/24, 198.51.100.50]
Settings:
- Basic Authentication: Disabled

Position: 2
Condition: URI starts with "/admin"
Settings:
- Basic Authentication: Enabled
- Basic Auth Users: admin_users

Result: Office bypasses auth (Rule 1), but auth is still enabled for admin area (Rule 2)

Why not Access Rules? Access Rules are for blocking/challenging/whitelisting, not for toggling features like basic auth.

Example 3: Mobile-Optimized Images

Scenario: Mobile users should get more aggressive image optimization to save bandwidth.

Position: 1
Condition: User Agent matches "(Mobile|Android|iPhone|iPad)"
Settings:
- JPEG Quality: 75
- PNG Quality: 80
- WebP Quality: 75
- Image Max Width: 1200px

Position: 2
Condition: Country = "IN" AND User Agent matches "(Mobile|Android)"
Settings:
- JPEG Quality: 65
- WebP Quality: 65

Result: Mobile users get optimized images, mobile users in India get extra optimization

Why multiple rules? Both rules can apply - Rule 1 sets baseline mobile optimization, Rule 2 adds extra optimization for specific markets.

Conditional Rules vs Page Rules

The key differences:

Feature

Page Rules

Conditional Rules

Matching

URL patterns only

Rich conditions (IP, country, headers, etc.)

Execution

First match wins, stops

All matching rules apply

Stop option

Yes (optional)

Position

3rd in sequence

4th (last) in sequence

Settings

Override any setting

Can you use both? Absolutely! They complement each other:

Page Rule: /api/* → Set API load balancer
Conditional Rule: User-Agent = "mobile" → Enable mobile optimizations
→ Both apply to mobile requests to /api/users

Execution order: Page Rule executes first (stops on match), then Conditional Rules evaluate (all matching apply).

Rule Order Best Practices

1. Critical Rules First

Place rules that should always take precedence at lower positions:

Position 1: Maintenance mode (with stop=true)
Position 2-5: Business logic rules
Position 6+: Optimization rules

2. Use Stop Strategically

Position 1: IF (emergency mode) THEN (minimal features) STOP
Position 2+: Normal operational rules (skipped during emergency)

3. Layer Complementary Rules

Since all matching rules apply, you can build layered configurations:

Position 1: IF (Country = "DE") THEN (GDPR-compliant headers)
Position 2: IF (Mobile) THEN (Mobile optimizations)
Position 3: IF (URI = /checkout) THEN (High security)
→ German mobile checkout gets all three!

4. Avoid Conflicting Settings

If multiple rules set the same configuration key, the last matching rule wins:

Position 1: IF (Country = "US") THEN (Cache TTL = 3600)
Position 2: IF (URI = /api) THEN (Cache TTL = 60)
→ US requests to /api get TTL = 60 (last match wins)

Using IP Lists

Instead of hardcoding IPs in each rule, create reusable IP Lists in your account settings:

Create an IP List named "office_ips" with your office IP ranges
Reference it in your Conditional Rule conditions

Benefit: Update the IP list once, and all rules using it are automatically updated across all your sites.

Uniqueness

Each site can only have one Conditional Rule per unique expression. If you try to create a duplicate, you'll see: "The rule for this expression already exists."

This prevents duplicate rules and keeps your configuration clean.

Common Mistakes

❌ Forgetting rules stack

Position 1: IF (URI = /api) THEN (Cache = disabled)
Position 2: IF (URI = /api/*) THEN (Cache = enabled & Cache TTL = 3600)
→ Both apply, last one wins: Cache = enabled with TTL 3600

✅ Be aware of interactions

Use stop=true or consolidate into one rule when needed

❌ Using Stop too early

Position 1: IF (Country = "US") THEN (settings) STOP
Position 2: IF (Mobile) THEN (mobile settings) [never applies to US mobile users]

✅ Stop only when necessary

Remove stop=true unless you specifically need to halt evaluation

❌ Using Conditional Rules for simple URLs

Condition: URI starts with "/admin"
→ Should use Page Rule instead

✅ Use Page Rules for URL-only logic

Page Rule: Match /admin/* → Settings
(Simpler and executes earlier)

❌ Conflicting settings from multiple rules

Position 1: IF (Mobile) THEN (Image Quality = 80)
Position 2: IF (Country = "US") THEN (Image Quality = 90)
→ US mobile users get Quality = 90 (last match wins)

✅ Plan for overlapping conditions

Either use stop, adjust positions, or accept last-match-wins behavior

Testing Conditional Rules

Enable Debug Headers in your site configuration
Make test requests with different conditions (IPs, user agents, etc.)
Check response headers to see which Conditional Rules matched
Verify settings are being applied in the expected order
Test overlapping conditions to ensure the last-match-wins behavior is acceptable

Last updated 2 months ago

Was this helpful?

hashtagWhat are Conditional Rules?

hashtagHow Conditional Rules Work

hashtagPosition-Based Evaluation

hashtagConditions & Expressions

hashtagOperators

hashtagAND/OR Logic

hashtagStop Behavior

hashtagHow Stop Works

hashtagWhen to Use Stop

hashtagWhen to Use Conditional Rules

hashtagUse Conditional Rules When:

hashtagUse Page Rules Instead When:

hashtagSettings: Override Any Configuration

hashtagUse Cases & Examples

hashtagExample 1: Geographic Content Optimization

hashtagExample 2: Disable Basic Auth for Office IPs

hashtagExample 3: Mobile-Optimized Images

hashtagConditional Rules vs Page Rules

hashtagRule Order Best Practices

hashtag1. Critical Rules First

hashtag2. Use Stop Strategically

hashtag3. Layer Complementary Rules

hashtag4. Avoid Conflicting Settings

hashtagUsing IP Lists

hashtagUniqueness

hashtagCommon Mistakes

hashtagTesting Conditional Rules