| TRUE | always_true | 总是匹配 |
| FALSE | always_false | 从不匹配 |
| HTTP | req_proto_http | 匹配HTTP协议 |
| HTTP_1.0 | req_ver 1.0 | 匹配HTTP协议1.0 |
| HTTP_1.1 | req_ver 1.1 | 匹配HTTP协议1.1 |
| HTTP_CONTENT | hdr_val(content-length) gt 0 | 匹配已存在内容长度 |
| HTTP_URL_ABS | url_reg [/:]*?/ | 匹配URL绝对路径 |
| HTTP_URL_SLASH | url_beg / | 匹配URL相对路径 |
| HTTP_URL_STAR | url * | 匹配 URL 等于 “*” |
| LOCALHOST | src 127.0.0.1/8 | 匹配从localhost来的连接 |
| METH_CONNECT | method CONNECT | 匹配HTTP CONNECT方法 |
| METH_GET | method GET HEAD | match HTTP GET or HEAD method |
| METH_HEAD | method HEAD match | HTTP HEAD method |
| METH_OPTIONS | method OPTIONS | match HTTP OPTIONS method |
| METH_POST | method POST | match HTTP POST method |
| METH_TRACE | method TRACE | match HTTP TRACE method |
| RDP_COOKIE | req_rdp_cookie_cnt gt 0 | match presence of an RDP cookie |
| REQ_CONTENT | req_len gt 0 | match data in the request buffer |
| WAIT_END | wait_end | wait for end of content ysis |
