Rules

Rules allow you to allow, block, rate limit, or tag requests for an arbitrary set of conditions.

IMPORTANT: The Fastly Next-Gen WAF API is only available to customers with access to the Next-Gen WAF product in the Fastly control panel. If you have access to the Next-Gen WAF control panel, check out the Next-Gen WAF API.

Data model

actionsarray Required.
conditionsarray Required.
created_atstringDate the rule was created. Required.
descriptionstringDescription for rule. Required.
enabledbooleanTurns a rule on and off. Defaults to false (off). Required.
expires_atstringDate the rule will automatically be disabled. Field is nullable and set to null if the rule should always be enabled. If the rule is always enabled, will return undefined.
group_operatorstringConditions that must be matched when evaluating the request. Required.
idstringThe ID of the rule. Required.
rate_limitobjectRate limiting configuration including thresholds, intervals, and client identification methods. Required.
request_loggingstringAvailable only for request rules. Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none).
scopeobjectScope configuration for workspace rules. Required.
updated_atstringDate the rule was last updated. Required.
typestringGroup condition type. Required.
fieldstringEnums for multival condition field. Refer to: https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#fields.
operatorstringIndicates whether the supplied conditions will check for existence or non-existence of matching field values. Refer to: https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#operators.
valuestringThe value to compare against the field. Refer to: https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#field-value-case-sensitivity.
client_identifiersarrayArray of client identifier objects that define how to identify unique clients for rate limiting.
durationintegerThe time in seconds that the rate limit action will be applied after the threshold is exceeded.
intervalintegerThe time window in seconds over which the threshold is applied.
signalstringSignal name for rate limit rules.
thresholdintegerThe number of requests that must be exceeded before the rate limit is triggered.
applies_toarray

Endpoints

List rules

GET/ngwaf/v1/workspaces/workspace_id/rules

Create rule

POST/ngwaf/v1/workspaces/workspace_id/rules

Retrieve rule

GET/ngwaf/v1/workspaces/workspace_id/rules/rule_id

Remove a rule

DELETE/ngwaf/v1/workspaces/workspace_id/rules/rule_id

Edit rule

PATCH/ngwaf/v1/workspaces/workspace_id/rules/rule_id