---
title: Rules
summary: Rules allow you to allow, block, rate limit, or tag requests for an arbitrary set of conditions.
url: https://www.fastly.com/documentation/reference/api/security/rules
---
Rules allow you to allow, block, rate limit, or tag requests for an arbitrary set of conditions.
## Data model
| Field | Type | Description |
|-------|------|-------------|
| `actions` | array | |
| `conditions` | array | |
| `created_at` | string | Date the rule was created. |
| `description` | string | Description for rule. |
| `enabled` | boolean | Turns a rule on and off. Defaults to false (off). |
| `expires_at` | string | Date the rule will automatically be disabled. Field is nullable and set to null if the rule should always be enabled. If the rule is always enabled, will return undefined. |
| `group_operator` | string | Conditions that must be matched when evaluating the request. |
| `id` | string | The ID of the rule. |
| `request_logging` | string | Available only for request rules. Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). |
| `signal` | string | The signal name being excluded if rule type is signal and action is 'exclude_signal'. |
| `type` | string | The type of rule. |
| `updated_at` | string | Date the rule was last updated. |
| `field` | string | Enums for multival condition field. Refer to: https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#fields. |
| `operator` | string | Indicates whether the supplied conditions will check for existence or non-existence of matching field values. Refer to: https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#operators. |
| `value` | string | The value to compare against the field. Refer to: https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#field-value-case-sensitivity. |
## API endpoints
### List rules
**GET** `/security/workspaces/{workspace_id}/rules`
List rules in a workspace.
**Parameters:**
| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `action` | string | query | No | Return only the rules with the given action. |
| `enabled` | boolean | query | No | Return either all enabled rules or all disabled rules. |
| `limit` | integer | query | No | Limit how many results are returned. |
| `page` | integer | query | No | Page number of the collection to request. |
| `types` | string | query | No | Return rules with any of the given action types. More than one value can be supplied. |
| `workspace_id` | string | path | Yes | The ID of the workspace. |
### Create rule
**POST** `/security/workspaces/{workspace_id}/rules`
Create a rule in a workspace.
**Parameters:**
| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `workspace_id` | string | path | Yes | The ID of the workspace. |
### Retrieve rule
**GET** `/security/workspaces/{workspace_id}/rules/{rule_id}`
Get a rule in a workspace.
**Parameters:**
| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `rule_id` | string | path | Yes | The ID of the rule. |
| `workspace_id` | string | path | Yes | The ID of the workspace. |
### Remove a rule
**DELETE** `/security/workspaces/{workspace_id}/rules/{rule_id}`
Delete a rule from a workspace.
**Parameters:**
| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `rule_id` | string | path | Yes | The ID of the rule. |
| `workspace_id` | string | path | Yes | The ID of the workspace. |
### Edit rule
**PATCH** `/security/workspaces/{workspace_id}/rules/{rule_id}`
Change attributes of a rule in a workspace.
**Parameters:**
| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `rule_id` | string | path | Yes | The ID of the rule. |
| `workspace_id` | string | path | Yes | The ID of the workspace. |