WAF Custom Rules
Learn how to add and manage custom rules to configure the Vercel Web Application Firewall (WAF).You can configure specific rules to log, deny, challenge, or bypass traffic to your site. When you apply the configuration, it takes effect immediately and does not require re-deployment.
Get started by reviewing the Best practices for applying rules section.
WAF Custom Rules are available on all plans
Those with the member, viewer, developer and administrator roles can access this feature
- You need to be a Developer or Viewer in the team to view the Firewall overview page and list the rules
- You need to be a Project administrator or Team member to configure, save and apply any rule and configuration
You can create multiple Custom Rules for the same project. Each rule can perform a log, deny, challenge, or bypass action according to one or more logical condition(s) that you set based on the value of specific parameters in the incoming request.
You can save, delete, or disable a rule at any time and these actions have immediate effect. You also have the ability to re-order the precedence of each custom rule.
When a rule denies or challenges the traffic to your site and the client has not previously solved the challenge (in the case of challenge mode), the rule execution stops and blocks the request.
After a Log rule runs, the rule execution continues. If no other rule matches and blocks the request, the Log rule that is last matched is reported.
To ensure your Custom Rule behaves as intended:
- Test a Custom Rule by setting it up with a log action
- Observe the 10-minute live traffic to check the behavior
- Update the Custom Rule condition if needed. Once you're happy with the behavior, update the rule with a challenge, deny, or bypass action
Learn how to create, test, and apply a Custom Rule.
- From your dashboard, select the project that you'd like to configure a rule for and then select the Firewall tab
- Select Configure on the top right of the Firewall overview page
- Select + New Rule
- Type a name to help you identify the purpose of this rule for future reference
- In the Configure section, add as many If conditions as needed:
- Select Log for the Then action
- Select Save Rule to apply it
- Apply the changes:
- When you make any change, you will see a Review Changes button appear or update on the top right with the number of changes requested
- Select Review Changes and review the changes to be applied
- Select Publish to apply the changes to your production deployment
- Go to the Firewall overview page, select your Custom Rule from the traffic grouping drop-down and select the paramater(s) related to the condition(s) of your Custom Rule to observe the traffic:
- If you are satisfied with the traffic behavior, select Configure
- Select the Custom Rule that you created
- Update the Then action to Challenge, Deny or Bypass as needed
- Select Save Rule to apply it
- Apply the changes with the Review Changes button
Review Common Examples for the application of specific rules in common situations.
Was this helpful?