---
title: Rules
summary: Rules allow you to allow, block, rate limit, or tag requests for an arbitrary set of conditions.
url: https://www.fastly.com/documentation/reference/api/ngwaf/rules
---

Rules allow you to allow, block, rate limit, or tag requests for an arbitrary set of conditions.

## Data model

| Field | Type | Description |
|-------|------|-------------|
| `actions` | array |  |
| `conditions` | array |  |
| `created_at` | string | Date the rule was created. |
| `description` | string | Description for rule. |
| `enabled` | boolean | Turns a rule on and off. Defaults to false (off). |
| `expires_at` | string | Date the rule will automatically be disabled. Field is nullable and set to null if the rule should always be enabled. If the rule is always enabled, will return undefined. |
| `group_operator` | string | Conditions that must be matched when evaluating the request. |
| `id` | string | The ID of the rule. |
| `request_logging` | string | Indicates whether to store the logs for requests that match the rule's conditions (sampled) or not store them (none). |
| `scope` | object | Scope configuration for account rules. Defines whether the rule applies to all workspaces or specific workspaces. |
| `updated_at` | string | Date the rule was last updated. |
| `rate_limit` | object | Rate limiting configuration including thresholds, intervals, and client identification methods. |
| `applies_to` | array | Defines the workspaces to which the rule applies. Use <code>"*"</code> to apply the rule to all workspaces, or provide specific workspace IDs. |
| `type` | string | Indicates the rule applies at the account level. |
| `field` | string | Enums for multival condition field. Refer to: <a href="https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#fields">https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#fields</a>. |
| `operator` | string | Indicates whether the supplied conditions will check for existence or non-existence of matching field values. Refer to: <a href="https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#operators">https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#operators</a>. |
| `value` | string | The value to compare against the field. Refer to: <a href="https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#field-value-case-sensitivity">https://www.fastly.com/documentation/guides/next-gen-waf/using-ngwaf/rules/defining-rule-conditions/#field-value-case-sensitivity</a>. |
| `client_identifiers` | array | Array of client identifier objects that define how to identify unique clients for rate limiting. |
| `duration` | integer | The time in seconds that the rate limit action will be applied after the threshold is exceeded. |
| `interval` | integer | The time window in seconds over which the threshold is applied. |
| `signal` | string | Signal name for rate limit rules. |
| `threshold` | integer | The number of requests that must be exceeded before the rate limit is triggered. |

## API endpoints

### List account rules

**GET** `/ngwaf/v1/rules`

List rules at the account level.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `action` | string | query | No | Return only the rules with the given action. |
| `enabled` | boolean | query | No | Return either all enabled rules or all disabled rules. |
| `limit` | integer | query | No | Limit how many results are returned. |
| `page` | integer | query | No | Page number of the collection to request. |
| `scope` | string | query | No | Return only the rules with the given scope. |
| `types` | string | query | No | Return rules with any of the given rule types. More than one value can be supplied. |

### Create account rule

**POST** `/ngwaf/v1/rules`

Create a rule at the account level.

### Retrieve account rule

**GET** `/ngwaf/v1/rules/{rule_id}`

Get a rule at the account level.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `rule_id` | string | path | Yes | The ID of the rule. |

### Remove an account rule

**DELETE** `/ngwaf/v1/rules/{rule_id}`

Delete a rule at the account level.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `rule_id` | string | path | Yes | The ID of the rule. |

### Edit account rule

**PATCH** `/ngwaf/v1/rules/{rule_id}`

Change attributes of a rule at the account level.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `rule_id` | string | path | Yes | The ID of the rule. |

### List rules

**GET** `/ngwaf/v1/workspaces/{workspace_id}/rules`

List rules in a workspace.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `action` | string | query | No | Return only the rules with the given action. |
| `enabled` | boolean | query | No | Return either all enabled rules or all disabled rules. |
| `limit` | integer | query | No | Limit how many results are returned. |
| `page` | integer | query | No | Page number of the collection to request. |
| `types` | string | query | No | Return rules with any of the given rule types. More than one value can be supplied. |
| `workspace_id` | string | path | Yes | The ID of the workspace. |

### Create rule

**POST** `/ngwaf/v1/workspaces/{workspace_id}/rules`

Create a rule in a workspace.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `workspace_id` | string | path | Yes | The ID of the workspace. |

### Retrieve rule

**GET** `/ngwaf/v1/workspaces/{workspace_id}/rules/{rule_id}`

Get a rule in a workspace.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `rule_id` | string | path | Yes | The ID of the rule. |
| `workspace_id` | string | path | Yes | The ID of the workspace. |

### Remove a rule

**DELETE** `/ngwaf/v1/workspaces/{workspace_id}/rules/{rule_id}`

Delete a rule from a workspace.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `rule_id` | string | path | Yes | The ID of the rule. |
| `workspace_id` | string | path | Yes | The ID of the workspace. |

### Edit rule

**PATCH** `/ngwaf/v1/workspaces/{workspace_id}/rules/{rule_id}`

Change attributes of a rule in a workspace.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `rule_id` | string | path | Yes | The ID of the rule. |
| `workspace_id` | string | path | Yes | The ID of the workspace. |