Rules | Fastly Documentation

Network services
Customize your content delivery.
Full-Site Delivery (CDN)
Streaming Delivery
Purging
Image Optimizer
Security
Protect your services and applications.
Next-Gen WAF
Edge Rate Limiting
Access Control Lists
TLS
Compute
Experiment with Fastly's edge computing platform.
Compute services
Testing and debugging
Edge Data Storage
Quick start
Go from zero to Fastly with these step-by-step guides and tutorials.
CDN getting started guide
Compute getting started guide
Building blocks
Start with the basics and learn how Fastly lets you take advantage of the modern internet.
Services
Core concepts
Web interface guides
Integrations
Find out how Fastly services interoperate with non-Fastly services.
Streaming logs
Logging endpoints
Non-Fastly services
See all guides
Tutorials
Step-by-step guides to developing with Fastly
Deliver a site with Fastly
Enhance your UX with Compute
Edge deploy Next-Gen WAF
See all tutorials
Demos
Discover how Fastly can enhance your user experience.
Passwordless auth
Fanout chat
Social sharing cards
See all demos
Use Cases
Get solutions to specific problems with curated topics.
Authentication
Geolocation
Personalization
See all use cases
Code Examples
Try out Fastly code in the browser and easily remix it for your own project.
Geolocation at the edge
Optimize images on the fly
Redirect URLs at the edge
See all code examples
Starter Kits
Start developing your project immediately with Fastly from a functional template.
Rust default starter
JavaScript default starter
Go default starter
See all starter kits

Log in Try Fastly free

Rules are configurations that outline how the Next-Gen WAF should handle requests that meet defined condition sets. You can create rules at…

Converting requests to rules

From the Requests page , you can convert individual requests into pre-populated rules, enabling you to take action on similar requests. To…

Defining rule conditions

When creating rules, you define the conditions that requests must meet in order for the WAF to take action (e.g., allow or block matching…

Using client challenges

Sites (also known as workspaces) can be set up to send dynamic, interactive, or non-interactive challenges to clients and those challenges…

Using lists in rules

Lists allow you to create and maintain sets of data for use when creating rules . For example, you could create a list of prohibited…

Using the deception action

IMPORTANT: To help defend your web applications from Account Takeover (ATO) attacks (e.g., credential stuffing ), you can add rules that…

Working with advanced rate limiting rules

Advanced rate limiting rules are a type of threshold configuration that places a cap on how often an individual client can send requests…

Working with request rules

Request rules allow you to define arbitrary conditions that requests must meet in order for the WAF to take action and the actions the WAF…

Working with signal exclusion rules

A signal exclusion rule prevents requests with a particular pattern from being tagged with a specific system signal . You can use signal…