
WAF Custom Rules

Learn how to add and manage custom rules to configure the Vercel Web Application Firewall (WAF).

You can configure specific rules to log, deny, challenge, or bypass traffic to your site. When you apply the configuration, it takes effect immediately and does not require re-deployment.

Get started by reviewing the Best practices for applying rules section.

WAF Custom Rules are available on all plans

Those with the member, viewer, developer and administrator roles can access this feature

You can create multiple Custom Rules for the same project. Each rule can perform a log, deny, challenge, or bypass action according to one or more logical condition(s) that you set based on the value of specific parameters in the incoming request.

You can save, delete, or disable a rule at any time, and these actions take effect immediately. You can also reorder the precedence of your custom rules.

When a rule denies or challenges traffic to your site and, in the case of a challenge, the client has not previously solved the challenge, rule execution stops and the request is blocked.

After a Log rule runs, rule execution continues. If no other rule matches and blocks the request, the last Log rule that matched is reported.

To ensure your Custom Rule behaves as intended:

  1. Test a Custom Rule by setting it up with a log action
  2. Observe the 10-minute live traffic to check the behavior
  3. Update the Custom Rule condition if needed. Once you're happy with the behavior, update the rule with a challenge, deny, or bypass action
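
The following added example (not Vercel's code) models the evaluation order described above and trials one condition in log mode before promoting it to deny. The rule shape (`name`, `action`, `when`), the `evaluate` and `tally` functions, and the sample requests are hypothetical; bypass is left out because this page does not describe its control flow, and a solved challenge is assumed to fall through to later rules.

```javascript
// Added illustration of the evaluation order above; not Vercel's implementation.
// The rule shape { name, action, when } and request fields are hypothetical.
function evaluate(rules, req) {
  let lastLog = null;
  for (const rule of rules) { // array order = rule precedence
    if (!rule.when(req)) continue;
    if (rule.action === "log") {
      lastLog = rule.name; // a Log rule never stops evaluation
      continue;
    }
    if (rule.action === "deny") return { outcome: "deny", rule: rule.name };
    if (rule.action === "challenge") {
      // Assumption: a client that already solved the challenge falls through.
      if (req.challengeSolved) continue;
      return { outcome: "challenge", rule: rule.name };
    }
    throw new Error(`action not modelled: ${rule.action}`);
  }
  // Nothing blocked: the last matching Log rule (if any) is reported.
  return { outcome: "allow", rule: lastLog };
}

// Constructed sample traffic.
const traffic = [
  { path: "/wp-login.php", ua: "curl/8.4.0", challengeSolved: false },
  { path: "/api/orders", ua: "Mozilla/5.0", challengeSolved: false },
  { path: "/api/orders", ua: "curl/8.4.0", challengeSolved: false },
  { path: "/api/orders", ua: "Mozilla/5.0", challengeSolved: true },
];

const rule = (name, action, when) => ({ name, action, when });
const challengeApi = rule("challenge-api", "challenge", (r) => r.path.startsWith("/api/"));
const candidate = (action) => rule("curl-clients", action, (r) => r.ua.startsWith("curl/"));

// Run the sample traffic through a rule set and count "outcome:rule" pairs.
function tally(rules) {
  const counts = {};
  for (const req of traffic) {
    const { outcome, rule: matched } = evaluate(rules, req);
    const key = `${outcome}:${matched}`;
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

// Trial the condition in log mode first, then promote it to deny.
const logMode = tally([candidate("log"), challengeApi]);
const denyMode = tally([candidate("deny"), challengeApi]);
console.log({ logMode, denyMode });
```

In log mode the curl request to `/api/orders` is reported under the challenge rule rather than the Log rule, so a log trial can show fewer matches than the rule will produce once it is promoted to deny.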

Learn how to create, test, and apply a Custom Rule.

  1. From your dashboard, select the project that you'd like to configure a rule for and then select the Firewall tab
  2. Select Configure on the top right of the Firewall overview page
  3. Select + New Rule
  4. Type a name to help you identify the purpose of this rule for future reference
  5. In the Configure section, add as many If conditions as needed:
  6. Select Log for the Then action
  7. Select Save Rule to apply it
  8. Apply the changes:
    • When you make any change, you will see a Review Changes button appear or update on the top right with the number of changes requested
    • Select Review Changes and review the changes to be applied
    • Select Publish to apply the changes to your production deployment
  9. Go to the Firewall overview page, select your Custom Rule from the traffic grouping drop-down and select the parameter(s) related to the condition(s) of your Custom Rule to observe the traffic:
  10. If you are satisfied with the traffic behavior, select Configure
  11. Select the Custom Rule that you created
  12. Update the Then action to Challenge, Deny or Bypass as needed
  13. Select Save Rule to apply it
  14. Apply the changes with the Review Changes button

Review Common Examples for the application of specific rules in common situations.

Last updated on July 27, 2024