---
title: Working with request rules
summary: null
url: >-
  https://www.fastly.com/documentation/guides/next-gen-waf/rules/working-with-request-rules
---

Request rules let you define the conditions that a request must meet for the WAF to act on it and the [actions](https://www.fastly.com/documentation/guides/next-gen-waf/rules/about-rules/#action-types) the WAF should take when those conditions are met. For example, you could make a rule to block all requests with specific headers, requests to certain paths, or requests originating from specific IP addresses.

> **HINT:** Not sure if your [rule logic](https://www.fastly.com/documentation/guides/next-gen-waf/rules/defining-rule-conditions) will work? Use our [Simulator](https://www.fastly.com/documentation/guides/next-gen-waf/rules/defining-rule-conditions#testing-rule-logic-with-the-simulator) to test it.

## Limitations and considerations

When working with request rules, keep in mind the following:

- Request rules are limited to 1000 per corp (also known as account) plus 1000 per site (also known as workspace) for Security Starter, Security Advantage, or Security Ultimate [packaged security offering](https://www.fastly.com/package-entitlements/). Other packages may have different limits.
- Request rules are considered custom rules for purposes of [packaged entitlement](https://docs.fastly.com/products/fastly-next-gen-waf#feature-availability) limitations.

## Creating request rules

You can create request rules that apply to multiple sites (workspaces) or that only apply to a single site (workspace).

### Creating rules that apply to multiple sites (workspaces)

To create a request rule that applies to more than one site (workspace), complete the following steps:

### Next-Gen WAF Control Panel

1. Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2. From the **Corp Rules** menu, select **Corp Rules**.

3. Click **Add corp rule**.

   ![A request rule designed to block requests to the '/login' page from the IP address '198.51.100.0/24', as described above.](/img/ngwaf/add-corp-request-rule.png)

4. In the **Type** section, select **Request**.

5. Fill out the fields in the **Conditions** section as follows:
   - From the **Field** menu, select the [request field](https://www.fastly.com/documentation/guides/next-gen-waf/rules/defining-rule-conditions/#fields) that the condition is based on.
   - In the **Value** field, enter a value for the specified field.
   - From the **Operator** menu, select an operator to specify how the selected field and value should be compared.
   - _(Optional)_ Click **Add condition** to add another condition or **Add group** to create a group of conditions.
   - Select **All** to specify that a request must meet every condition or **Any** to specify that a request must meet only one condition.

6. Fill out the fields in the **Actions** section as follows:
   - From the **Action type** menu, select [the action](https://www.fastly.com/documentation/guides/next-gen-waf/rules/about-rules/#action-types) that should be taken when a request meets the rule's conditions.
   - _(Optional)_ Click **Add action** to add another action.

7. Fill out the fields in the **Details** section as follows:
   - From the **Request logging** menu, select **Sampled** to store the logs for requests that match the rule's criteria or **None** to not store the logs. When you select **None**, the time series graphs will still include data from requests that match the rule's criteria. Read our guide on [request data storage](https://www.fastly.com/documentation/guides/next-gen-waf/data-storage-and-privacy/about-data-storage-and-privacy/#request-data-storage) for more information.
   - Leave the **Status** switch enabled.
   - Click **Change expiration** and select from the menu when the rule should be disabled.
   - In the **Description** field, enter a description of the rule.
   - From the **Scope** menu, leave **Global** selected for the rule to apply to all your sites. If you want the rule to apply to specific sites, select **Specific sites** and then select the sites the rule should apply to.

8. Click **Create corp rule**. The request rule is created and the Site Rules page appears.

### Fastly Control Panel

1. Log in to the [Fastly control panel](https://manage.fastly.com).

2. Go to **Security** > **Next-Gen WAF** > [**Rules**](https://manage.fastly.com/security/ngwaf/rules).

3. From the workspaces bar, click the menu <span class="inline-icons"><img src="/img/icons/chevron-down.png" alt="Menu icon" /></span> to the right of the workspace name and select your account name.

4. Click **Add account rule**.

   ![A request rule designed to block requests to the '/login' page from the IP address '198.51.100.0/24', as described above.](/img/ngwaf/add-account-request-rule.png)

5. In the **Type** section, select **Request**.

6. Fill out the fields in the **Conditions** section as follows:
   - Select **All** to specify that a request must meet every condition or **Any** to specify that a request must meet only one condition.
   - From the **Field** menu, select the [request field](https://www.fastly.com/documentation/guides/next-gen-waf/rules/defining-rule-conditions/#fields) that the condition is based on.
   - From the **Operator** menu, select an operator to specify how the selected field and value should be compared.
   - In the **Value** field, enter a value for the specified field.
   - _(Optional)_ Click **Add condition** to add another condition or **Add group** to create a group of conditions.

7. Fill out the fields in the **Actions** section as follows:
   - From the **Type** menu, select [the action](https://www.fastly.com/documentation/guides/next-gen-waf/rules/about-rules/#action-types) that should be taken when a request meets the rule's conditions.
   - _(Optional)_ Click **Add action** to add another action.

8. Fill out the fields in the **Details** section as follows:
   - In the **Description** field, enter a description of the rule.
   - Leave the **Status** switch enabled.
   - _(Optional)_ Click **Change expiration** and select from the menu when the rule should be disabled.
   - From the **Request logging** menu, select **Sampled** to store the logs for requests that match the rule's criteria or **None** to not store the logs. When you select **None**, the time series graphs will still include data from requests that match the rule's criteria. Read our guide on [request data storage](https://www.fastly.com/documentation/guides/next-gen-waf/data-storage-and-privacy/about-data-storage-and-privacy/#request-data-storage) for more information.
   - From the **Scope** menu, leave **Global** selected for the rule to apply to all your workspaces. If you want the rule to apply to specific workspaces, select **Specified workspaces** and then select the workspaces the rule should apply to.

9. Click **Create account rule**.

### Creating rules that apply to one site (workspace)

To create a request rule that applies to only one site (workspace), complete the following steps:

### Next-Gen WAF Control Panel

1. Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2. From the **Sites** menu, select a site if you have more than one site.

3. From the **Rules** menu, select **Site Rules**.

4. Click **Add site rule**.

   ![A request rule designed to block requests to the '/login' page from the IP address '198.51.100.50', as described above.](/img/ngwaf/request-rule.png)

5. In the **Type** section, select **Request**.

6. Fill out the fields in the **Conditions** section as follows:
   - From the **Field** menu, select the [request field](https://www.fastly.com/documentation/guides/next-gen-waf/rules/defining-rule-conditions/#fields) that the condition is based on.
   - In the **Value** field, enter a value for the specified field.
   - From the **Operator** menu, select an operator to specify how the selected field and value should be compared.
   - _(Optional)_ Click **Add condition** to add another condition or **Add group** to create a group of conditions.
   - Select **All** to specify that a request must meet every condition or **Any** to specify that a request must meet only one condition.

7. Fill out the fields in the **Actions** section as follows:
   - From the **Action type** menu, select [the action](https://www.fastly.com/documentation/guides/next-gen-waf/rules/about-rules/#action-types) that should be taken when a request meets the rule's conditions.
   - _(Optional)_ If you selected `Browser challenge` from the **Action type** menu, leave the **Allow Interactive** switch disabled to keep the challenge non-interactive or click the switch to require an interactive (CAPTCHA) challenge.
   - _(Optional)_ If you selected `Block` from the **Action type** menu, click **Change response** to specify the [custom response code](https://www.fastly.com/documentation/guides/next-gen-waf/agent-response-codes/using-custom-agent-response-codes/) to return when the rule blocks a request. Supported custom response codes are `301`, `302`, and `400-599`.
   - _(Optional)_ If you entered `301` or `302` in the **Response code (optional)** field then, in the **Redirect URL (optional)** field, enter the absolute or relative URL of the redirect location. For more information, check out our guide on [using redirect custom response codes](https://www.fastly.com/documentation/guides/next-gen-waf/agent-response-codes/using-custom-agent-response-codes/#using-redirect-custom-agent-response-codes).
   - _(Optional)_ Click **Add action** to add another action.

8. Fill out the fields in the **Details** section as follows:
   - From the **Request logging** menu, select **Sampled** to store the logs for requests that match the rule's criteria or **None** to not store the logs. When you select **None**, the time series graphs will still include data from requests that match the rule's criteria. Read our guide on [request data storage](https://www.fastly.com/documentation/guides/next-gen-waf/data-storage-and-privacy/about-data-storage-and-privacy/#request-data-storage) for more information.
   - Leave the **Status** switch enabled.
   - Click **Change expiration** and select from the menu when the rule should be disabled.
   - In the **Description** field, enter a description of the rule.

9. Click **Create site rule**. The request rule is created and the Site Rules page appears.

### Fastly Control Panel

1. Log in to the [Fastly control panel](https://manage.fastly.com).

2. Go to **Security** > **Next-Gen WAF** > [**Rules**](https://manage.fastly.com/security/ngwaf/rules).

3. From the workspaces bar, click the menu <span class="inline-icons"><img src="/img/icons/chevron-down.png" alt="Menu icon" /></span> to the right of the workspace name and select a workspace.

4. Click **Add workspace rule**.

   ![A request rule designed to block requests to the '/login' page from the IP address '198.51.100.50'](/img/ngwaf/add-request-rule.png)

5. Under **Type**, leave **Request** selected.

6. Fill out the fields in the **Conditions** section as follows:
   - From the **Field** menu, select the [request field](https://www.fastly.com/documentation/guides/next-gen-waf/rules/defining-rule-conditions/#fields) that the condition is based on.
   - In the **Value** field, enter a value for the specified field.
   - From the **Operator** menu, select an operator to specify how the selected field and value should be compared.
   - _(Optional)_ Click **Add condition** to add another condition or **Add group** to create a group of conditions.
   - Leave **All** selected to specify that a request must meet every condition or select **Any** to specify that a request must meet only one condition.

7. Fill out the fields in the **Actions** section as follows:
   - From the **Type** menu, select [the action](https://www.fastly.com/documentation/guides/next-gen-waf/rules/about-rules/#action-types) that should be taken when a request meets the rule's conditions.
   - _(Optional)_ If you selected `Browser challenge` from the **Type** menu, leave the **Allow Interactive** switch disabled to keep the challenge non-interactive or click the switch to require an interactive (CAPTCHA) challenge.
   - _(Optional)_ If you selected `Block` from the **Type** menu, click **Change response code** to specify the [custom response code](https://www.fastly.com/documentation/guides/next-gen-waf/agent-response-codes/using-custom-agent-response-codes/) to return when the rule blocks a request. Supported custom response codes are `301`, `302`, and `400-599`.
   - _(Optional)_ If you entered `301` or `302` in the **Response code** field then, in the **Redirect URL** field, enter the absolute or relative URL of the redirect location. For more information, check out our guide on [using redirect custom response codes](https://www.fastly.com/documentation/guides/next-gen-waf/agent-response-codes/using-custom-agent-response-codes/#using-redirect-custom-agent-response-codes).
   - _(Optional)_ Click **Add action** to add another action.

8. Fill out the fields in the **Details** section as follows:
   - In the **Description** field, enter a description for the rule.
   - _(Optional)_ Click the **Status** switch to disable the rule.
   - Click **Change expiration** and select from the menu when the rule should be disabled.

9. Click **Create workspace rule**.

## Editing request rules

The steps to edit an existing rule depend on whether the rule applies to multiple sites (workspaces) or to a single site (workspace).

### Editing rules that apply to multiple sites (workspaces)

To adjust a request rule that applies to more than one site (workspace), complete the following steps:

### Next-Gen WAF Control Panel

1. Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2. From the **Corp Rules** menu, select **Corp Rules**.

3. Click **Edit** next to the rule that you want to edit.

   ![A request rule designed to block requests to the '/login' page from the IP address '198.51.100.0/24', as described above.](/img/ngwaf/edit-corp-request-rule.png)

4. Fill out the fields in the **Conditions** section as follows:
   - From the **Field** menu, select the [request field](https://www.fastly.com/documentation/guides/next-gen-waf/rules/defining-rule-conditions/#fields) that the condition is based on.
   - In the **Value** field, enter a value for the specified field.
   - From the **Operator** menu, select an operator to specify how the selected field and value should be compared.
   - _(Optional)_ Click **Add condition** to add another condition or **Add group** to create a group of conditions.
   - Select **All** to specify that a request must meet every condition or **Any** to specify that a request must meet only one condition.

5. Fill out the fields in the **Actions** section as follows:
   - From the **Action type** menu, select [the action](https://www.fastly.com/documentation/guides/next-gen-waf/rules/about-rules/#action-types) that should be taken when a request meets the rule's conditions.
   - _(Optional)_ Click **Add action** to add another action.

6. Fill out the fields in the **Details** section as follows:
   - From the **Request logging** menu, select **Sampled** to store the logs for requests that match the rule's criteria or **None** to not store the logs. When you select **None**, the time series graphs will still include data from requests that match the rule's criteria. Read our guide on [request data storage](https://www.fastly.com/documentation/guides/next-gen-waf/data-storage-and-privacy/about-data-storage-and-privacy/#request-data-storage) for more information.
   - Leave the **Status** switch enabled.
   - Click **Change expiration** and select from the menu when the rule should be disabled.
   - In the **Description** field, enter a description of the rule.
   - From the **Scope** menu, leave **Global** selected for the rule to apply to all your sites. If you want the rule to apply to specific sites, select **Specific sites** and then select the sites the rule should apply to.

7. Click **Update corp rule**. The request rule is updated and the Site Rules page appears.

### Fastly Control Panel

1. Log in to the [Fastly control panel](https://manage.fastly.com).

2. Go to **Security** > **Next-Gen WAF** > [**Rules**](https://manage.fastly.com/security/ngwaf/rules).

3. From the workspaces bar, click the menu <span class="inline-icons"><img src="/img/icons/chevron-down.png" alt="Menu icon" /></span> to the right of the workspace name and select your account name.

4. Click the pencil <span class="inline-icons"><img src="/img/icons/pencil.png" alt="Pencil icon" /></span> to the right of the rule you want to edit.

   ![A request rule designed to block requests to the '/login' page from the IP address '198.51.100.0/24', as described above.](/img/ngwaf/edit-account-request-rule.png)

5. Fill out the fields in the **Conditions** section as follows:
   - Select **All** to specify that a request must meet every condition or **Any** to specify that a request must meet only one condition.
   - From the **Field** menu, select the [request field](https://www.fastly.com/documentation/guides/next-gen-waf/rules/defining-rule-conditions/#fields) that the condition is based on.
   - From the **Operator** menu, select an operator to specify how the selected field and value should be compared.
   - In the **Value** field, enter a value for the specified field.
   - _(Optional)_ Click **Add condition** to add another condition or **Add group** to create a group of conditions.

6. Fill out the fields in the **Actions** section as follows:
   - From the **Type** menu, select [the action](https://www.fastly.com/documentation/guides/next-gen-waf/rules/about-rules/#action-types) that should be taken when a request meets the rule's conditions.
   - _(Optional)_ Click **Add action** to add another action.

7. Fill out the fields in the **Details** section as follows:
   - In the **Description** field, enter a description of the rule.
   - Leave the **Status** switch enabled.
   - _(Optional)_ Click **Change expiration** and select from the menu when the rule should be disabled.
   - From the **Request logging** menu, select **Sampled** to store the logs for requests that match the rule's criteria or **None** to not store the logs. When you select **None**, the time series graphs will still include data from requests that match the rule's criteria. Read our guide on [request data storage](https://www.fastly.com/documentation/guides/next-gen-waf/data-storage-and-privacy/about-data-storage-and-privacy/#request-data-storage) for more information.
   - From the **Scope** menu, leave **Global** selected for the rule to apply to all your workspaces. If you want the rule to apply to specific workspaces, select **Specified workspaces** and then select the workspaces the rule should apply to.

8. Click **Update account rule**.

### Editing rules that apply to a single site (workspace)

To adjust a request rule that applies to only one site (workspace), complete the following steps:

### Next-Gen WAF Control Panel

1. Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2. From the **Sites** menu, select a site if you have more than one site.

3. From the **Rules** menu, select **Site Rules**.

4. Click **Edit** next to the rule that you want to update.

   ![A request rule designed to block requests to the '/login' page from the IP address '198.51.100.50', as described above.](/img/ngwaf/edit-site-request-rule.png)

5. In the **Type** section, select **Request**.

6. Fill out the fields in the **Conditions** section as follows:
   - From the **Field** menu, select the [request field](https://www.fastly.com/documentation/guides/next-gen-waf/rules/defining-rule-conditions/#fields) that the condition is based on.
   - In the **Value** field, enter a value for the specified field.
   - From the **Operator** menu, select an operator to specify how the selected field and value should be compared.
   - _(Optional)_ Click **Add condition** to add another condition or **Add group** to create a group of conditions.
   - Select **All** to specify that a request must meet every condition or **Any** to specify that a request must meet only one condition.

7. Fill out the fields in the **Actions** section as follows:
   - From the **Action type** menu, select [the action](https://www.fastly.com/documentation/guides/next-gen-waf/rules/about-rules/#action-types) that should be taken when a request meets the rule's conditions.
   - _(Optional)_ If you selected `Browser challenge` from the **Action type** menu, leave the **Allow Interactive** switch disabled to keep the challenge non-interactive or click the switch to require an interactive (CAPTCHA) challenge.
   - _(Optional)_ If you selected `Block` from the **Action type** menu, click **Change response** to specify the [custom response code](https://www.fastly.com/documentation/guides/next-gen-waf/agent-response-codes/using-custom-agent-response-codes/) to return when the rule blocks a request. Supported custom response codes are `301`, `302`, and `400-599`.
   - _(Optional)_ If you entered `301` or `302` in the **Response code (optional)** field then, in the **Redirect URL (optional)** field, enter the absolute or relative URL of the redirect location. For more information, check out our guide on [using redirect custom response codes](https://www.fastly.com/documentation/guides/next-gen-waf/agent-response-codes/using-custom-agent-response-codes/#using-redirect-custom-agent-response-codes).
   - _(Optional)_ Click **Add action** to add another action.

8. Fill out the fields in the **Details** section as follows:
   - From the **Request logging** menu, select **Sampled** to store the logs for requests that match the rule's criteria or **None** to not store the logs. When you select **None**, the time series graphs will still include data from requests that match the rule's criteria. Read our guide on [request data storage](https://www.fastly.com/documentation/guides/next-gen-waf/data-storage-and-privacy/about-data-storage-and-privacy/#request-data-storage) for more information.
   - Leave the **Status** switch enabled.
   - Click **Change expiration** and select from the menu when the rule should be disabled.
   - In the **Description** field, enter a description of the rule.

9. Click **Update site rule**. The request rule is updated and the Site Rules page appears.

### Fastly Control Panel

1. Log in to the [Fastly control panel](https://manage.fastly.com).

2. Go to **Security** > **Next-Gen WAF** > [**Rules**](https://manage.fastly.com/security/ngwaf/rules).

3. From the workspaces bar, click the menu <span class="inline-icons"><img src="/img/icons/chevron-down.png" alt="Menu icon" /></span> to the right of the workspace name and select a workspace.

4. Click the pencil <span class="inline-icons"><img src="/img/icons/pencil.png" alt="Pencil icon" /></span> to the right of the rule you want to edit.

   ![A request rule designed to block requests to the '/login' page from the IP address '198.51.100.50'](/img/ngwaf/edit-workspace-request-rule.png)

5. Under **Type**, leave **Request** selected.

6. Fill out the fields in the **Conditions** section as follows:
   - From the **Field** menu, select the [request field](https://www.fastly.com/documentation/guides/next-gen-waf/rules/defining-rule-conditions/#fields) that the condition is based on.
   - In the **Value** field, enter a value for the specified field.
   - From the **Operator** menu, select an operator to specify how the selected field and value should be compared.
   - _(Optional)_ Click **Add condition** to add another condition or **Add group** to create a group of conditions.
   - Leave **All** selected to specify that a request must meet every condition or select **Any** to specify that a request must meet only one condition.

7. Fill out the fields in the **Actions** section as follows:
   - From the **Type** menu, select [the action](https://www.fastly.com/documentation/guides/next-gen-waf/rules/about-rules/#action-types) that should be taken when a request meets the rule's conditions.
   - _(Optional)_ If you selected `Browser challenge` from the **Type** menu, leave the **Allow Interactive** switch disabled to keep the challenge non-interactive or click the switch to require an interactive (CAPTCHA) challenge.
   - _(Optional)_ If you selected `Block` from the **Type** menu, click **Change response code** to specify the [custom response code](https://www.fastly.com/documentation/guides/next-gen-waf/agent-response-codes/using-custom-agent-response-codes/) to return when the rule blocks a request. Supported custom response codes are `301`, `302`, and `400-599`.
   - _(Optional)_ If you entered `301` or `302` in the **Response code** field then, in the **Redirect URL** field, enter the absolute or relative URL of the redirect location. For more information, check out our guide on [using redirect custom response codes](https://www.fastly.com/documentation/guides/next-gen-waf/agent-response-codes/using-custom-agent-response-codes/#using-redirect-custom-agent-response-codes).
   - _(Optional)_ Click **Add action** to add another action.

8. Fill out the fields in the **Details** section as follows:
   - In the **Description** field, enter a description for the rule.
   - _(Optional)_ Click the **Status** switch to disable the rule.
   - Click **Change expiration** and select from the menu when the rule should be disabled.

9. Click **Update workspace rule**.

## Deleting request rules

To delete a rule, follow the steps described in the [Deleting rules](https://www.fastly.com/documentation/guides/next-gen-waf/rules/about-rules#deleting-rules) section.

## Example request rules

The following examples demonstrate how to configure request rules for common use cases. Be aware that values (e.g., paths and response codes) used in these examples may not be the same as those used by your particular web application.

### Blocking attacks from malicious IP addresses

This example demonstrates a request rule that immediately blocks attacks from IP addresses that:

- were reported as malicious by the SANS Internet Storm Center.
- were identified as bad actors by Fastly's [Network Learning Exchange](https://docs.fastly.com/products/fastly-next-gen-waf#threat-intelligence) (NLX).
- serve as TOR exit nodes.

The rule:

- looks for requests tagged with an attack signal. Use the Attack Signals system list, which contains all [attack signals](https://www.fastly.com/documentation/guides/next-gen-waf/signals/using-system-signals/#attacks).
- looks for requests tagged with the [Malicious IP](https://www.fastly.com/documentation/guides/next-gen-waf/signals/using-system-signals/#anomalies-sans), [SigSci IP](https://www.fastly.com/documentation/guides/next-gen-waf/signals/using-system-signals/#anomalies-sigsci-ip), or [Tor Traffic](https://www.fastly.com/documentation/guides/next-gen-waf/signals/using-system-signals/#informational-tornode) signal.
- blocks requests that meet the rule's condition set.

> **HINT:** If you don't have access to the Lists feature, create a request rule for each individual attack signal.

### Next-Gen WAF Control Panel

![A request rule designed to block attacks from malicious IP addresses, as described above.](/img/ngwaf/block-attacks-from-malicious-ips-ngwafcp.png)

### Fastly Control Panel

![A request rule designed to block attacks from malicious IP addresses, as described above.](/img/ngwaf/block-attacks-from-malicious-ips-fcp.png)

### Blocking bad bots

This example demonstrates a request rule that immediately blocks requests made by suspected bad bots whose IP addresses:

- were reported as malicious by the SANS Internet Storm Center.
- were identified as bad actors by Fastly's [Network Learning Exchange](https://docs.fastly.com/products/fastly-next-gen-waf#threat-intelligence) (NLX).
- function as TOR exit nodes.

The rule:

- looks for requests tagged with the [Suspected Bad Bot](https://www.fastly.com/documentation/guides/next-gen-waf/signals/using-system-signals/#bots-suspected-bad-bot) signal and tagged with the [Malicious IP](https://www.fastly.com/documentation/guides/next-gen-waf/signals/using-system-signals/#anomalies-sans), [SigSci IP](https://www.fastly.com/documentation/guides/next-gen-waf/signals/using-system-signals/#anomalies-sigsci-ip), or [Tor Traffic](https://www.fastly.com/documentation/guides/next-gen-waf/signals/using-system-signals/#informational-tornode) signal.
- blocks requests that meet the rule's condition set.
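
The All/Any logic of the two example rules above can be checked offline before building them in the control panel. The following Python sketch is an added example, not Fastly code or the WAF's rule engine; the `ATTACK_SIGNALS` subset, the sample requests, and all function names are assumptions constructed for illustration. It also evaluates the first rule with **Any** selected at the top level, to show how much broader that rule becomes.

```python
# Added example: a local model of the All/Any condition logic, not Fastly code.
# Signal names are the labels used on this page; ATTACK_SIGNALS is a constructed
# stand-in for the Attack Signals system list.
ATTACK_SIGNALS = frozenset({"SQLI", "XSS", "CMDEXE"})
BAD_IP_SIGNALS = ("Malicious IP", "SigSci IP", "Tor Traffic")


def has_signal(name):
    """Condition: the request is tagged with this signal."""
    return {"kind": "signal", "name": name}


def in_list(names):
    """Condition: the request is tagged with at least one signal from a list."""
    return {"kind": "list", "names": frozenset(names)}


def group(mode, *conditions):
    """Condition group: 'all' (every condition) or 'any' (at least one)."""
    if mode not in ("all", "any"):
        raise ValueError(f"unknown group mode: {mode!r}")
    if not conditions:
        # all([]) is True in Python, so an empty All group would match everything.
        raise ValueError("a group needs at least one condition")
    return {"kind": "group", "mode": mode, "conditions": conditions}


def matches(condition, signals):
    """Return True if the signals tagged on a request satisfy the condition."""
    kind = condition["kind"]
    if kind == "signal":
        return condition["name"] in signals
    if kind == "list":
        return not condition["names"].isdisjoint(signals)
    combine = all if condition["mode"] == "all" else any
    return combine(matches(c, signals) for c in condition["conditions"])


def decide(rule, signals):
    """'block' when the rule's condition set is met, otherwise 'no action'."""
    return "block" if matches(rule, frozenset(signals)) else "no action"


# Shared sub-group: Any of Malicious IP, SigSci IP, Tor Traffic.
bad_ip = group("any", *(has_signal(s) for s in BAD_IP_SIGNALS))

# "Blocking attacks from malicious IP addresses": All of (attack signal, bad IP).
BLOCK_ATTACKS = group("all", in_list(ATTACK_SIGNALS), bad_ip)
# "Blocking bad bots": All of (Suspected Bad Bot, bad IP).
BLOCK_BAD_BOTS = group("all", has_signal("Suspected Bad Bot"), bad_ip)
# Misconfiguration for comparison: Any selected at the top level.
BLOCK_ATTACKS_ANY = group("any", in_list(ATTACK_SIGNALS), bad_ip)

# Constructed sample requests, reduced to the signals tagged on each one.
SAMPLES = {
    "sqli_from_tor": {"SQLI", "Tor Traffic"},
    "sqli_clean_ip": {"SQLI"},
    "tor_no_attack": {"Tor Traffic"},
    "bot_from_sans_ip": {"Suspected Bad Bot", "Malicious IP"},
    "bot_clean_ip": {"Suspected Bad Bot"},
}


def run(rule):
    """Evaluate one rule against every sample request."""
    return {name: decide(rule, sigs) for name, sigs in SAMPLES.items()}


if __name__ == "__main__":
    for label, rule in (
        ("attacks from bad IPs (All)", BLOCK_ATTACKS),
        ("bad bots (All)", BLOCK_BAD_BOTS),
        ("attacks from bad IPs (Any, too broad)", BLOCK_ATTACKS_ANY),
    ):
        print(label)
        for name, verdict in run(rule).items():
            print(f"  {name:18} {verdict}")
```

With **All** at the top level, each rule acts only on requests that carry both kinds of signal; with **Any**, the first rule would also block every Tor request and every attack from an IP address with no reputation hit.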

### Next-Gen WAF Control Panel

![A request rule designed to block suspected bad bots from malicious IP addresses, as described above.](/img/ngwaf/block-bad-bots-ngwafcp.png)

### Fastly Control Panel

![A request rule designed to block suspected bad bots from malicious IP addresses, as described above.](/img/ngwaf/block-bad-bots-fcp.png)

## Related content

- [About rules](https://www.fastly.com/documentation/guides/next-gen-waf/rules/about-rules)
- [Using an API with the Next-Gen WAF](https://www.fastly.com/documentation/guides/next-gen-waf/developer/using-an-api-with-the-next-gen-waf)
