Rules
Rules allow you to allow, block, rate limit, or tag requests for an arbitrary set of conditions.
IMPORTANT: The Fastly Next-Gen WAF API is only available to customers with access to the Next-Gen WAF product in the Fastly control panel. If you have access to the Next-Gen WAF control panel, check out the Next-Gen WAF API.
Data model
actions | array | Required. | |
conditions | array | Required. | |
created_at | string | Date the rule was created. Required. | |
description | string | Description for rule. Required. | |
enabled | boolean | Turns a rule on and off. Defaults to false (off). Required. | |
expires_at | string | Date the rule will automatically be disabled. Field is nullable and set to null if the rule should always be enabled. If the rule is always enabled, will return undefined. | |
group_operator | string | Conditions that must be matched when evaluating the request. Required. | |
id | string | The ID of the rule. Required. | |
rate_limit | object | Rate limiting configuration including thresholds, intervals, and client identification methods. Required. | |
request_logging | string | Available only for request rules. Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). | |
scope | object | Scope configuration for workspace rules. Required. | |
updated_at | string | Date the rule was last updated. Required. | |
type | string | Group condition type. Required. | |
field | string | Enums for multival condition field. Refer to: https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#fields. | |
operator | string | Indicates whether the supplied conditions will check for existence or non-existence of matching field values. Refer to: https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#operators. | |
value | string | The value to compare against the field. Refer to: https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#field-value-case-sensitivity. | |
client_identifiers | array | Array of client identifier objects that define how to identify unique clients for rate limiting. | |
duration | integer | The time in seconds that the rate limit action will be applied after the threshold is exceeded. | |
interval | integer | The time window in seconds over which the threshold is applied. | |
signal | string | Signal name for rate limit rules. | |
threshold | integer | The number of requests that must be exceeded before the rate limit is triggered. | |
applies_to | array |