Skip to content

Managing edge rules

Edge rules act on a request at the CDN edge — before it ever reaches your WordPress server. Use them to redirect URLs, force HTTPS, block traffic by country or IP, override how long content is cached, add response headers, and more. Each rule follows a simple When → Then shape: a set of conditions that decide when the rule applies, and an action that runs when they match.

Where edge rules fit

Edge rules are part of your site's CDN. For the bigger picture of how the edge layer (caching, WAF, and bot protection) works, see CDN & Shield.

Before you start

  • A site with CDN active. Edge rules require an active CDN pull zone — if CDN isn't enabled for the site yet, the Edge Rules page shows "CDN isn't active for this site" and you'll need to enable CDN first.
  • Permission to manage the site. Deleting a rule needs delete permission on the account.

Open the Edge Rules page

  1. Open your site. In the left sidebar, open My Sites and select the site you want to manage.

  2. Open the CDN section. In the site's left-hand sidebar, choose CDN, then Edge Rules. (Within the CDN section you can switch between the Caching and Edge Rules tabs.)

The Edge Rules page lists the rules already set up for the site, in the order they run, with a Summary, a Category badge (Redirect, Caching, Security, Headers, and so on), and an Enabled toggle for each.

Create a rule

  1. Start a new rule. On the Edge Rules page, click + New edge rule.

  2. Pick a starting point. You'll see a "Choose a starting point" template picker. Choose a template to pre-fill the form, or pick Start from scratch. Built-in templates include:

    • Force HTTPS — redirect all HTTP requests to HTTPS automatically
    • Redirect URL — send visitors to a different URL
    • Block by country — block or redirect traffic from specific countries
    • Override cache time — set a custom cache time for matched requests
    • Set response header — add a custom HTTP header to matching responses
    • Block IP / range — block requests from an IP address or CIDR range
    • Maintenance mode (503) — return a 503 for all requests

  3. Set the conditions (the "When"). In the When (triggers) card, each condition picks something to match on — for example URL matches, country is, IP is, or file extension is — and one or more Value entries to match against.

    • Click + Add value to match several values in one condition (up to 5 values per condition).
    • Each condition has its own Any / All / None match type, controlling how that condition's values combine.
    • Click + Add condition to add more conditions. The card's top-level Match type (Any / All / None) controls how the separate conditions combine: Any runs the rule if at least one condition matches, All requires every condition, and None runs the rule only when no condition matches.

  4. Set the action (the "Then"). In the Then (action) card, choose an Action and fill in any parameters it needs. For example, Redirect asks for a destination URL and an HTTP status code (301 permanent or 302 temporary); Override cache time asks for a cache time in seconds.

    • You can chain extra actions with + Add action.

  5. Review the live summary. As you build the rule, a plain-language summary updates to describe what it will do (e.g. "If URL matches … then redirect to …"). Use it to sanity-check the rule before saving.

  6. Add details (optional). Set a Description to label the rule, and an Order number to control when it runs relative to other rules — rules run in ascending order. Leave the Enabled switch on to make the rule active immediately.

  7. Save. Click Save rule. You'll return to the Edge Rules list with the new rule shown.

Security actions

Some actions disable a security feature — for example actions that turn off the WAF or other Shield protections for matching requests. The form shows a warning when you pick one. Only use these for paths you're certain need them.

Edit, enable, disable, or delete a rule

On the Edge Rules list, each rule has its own controls:

  • Enable / disable — flip the Enabled toggle on the rule's row. The change applies in place; you don't need to reopen the rule.
  • Edit — click Edit to reopen the rule in the same When → Then form. Editing replaces the whole rule, so the form loads every existing field for you to change. Click Save rule when done.
  • Delete — click Delete and confirm in the dialog. Deleting a rule cannot be undone.

The same rules are available over the REST API under /api/sites/:site_id/edge_rules. For example, list a site's edge rules:

curl -H "Authorization: Bearer $SUPERSPACE_TOKEN" -H "X-Auth-Account: $ACCOUNT_ID" \
  https://control.superspace.nl/api/sites/$SITE_ID/edge_rules

Edge-rule writes are synchronous. One thing to watch: creating a rule without a Guid is not idempotent — a retried create makes a duplicate rule. To update an existing rule, send its Guid (or use PATCH). See the full parameter list, action/trigger type numbers, and status codes in the CDN API reference.

Next steps

  • Review your caching configuration on the CDN → Caching tab
  • Read CDN & Shield to understand how edge rules interact with caching and Shield protection