How-to
WAF System Bypass Rules
Learn how to configure IP-based system bypass rules with the Vercel Web Application Firewall (WAF).Table of Contents
WAF System Bypass Rules are available on Pro and Enterprise plans
While Vercel's system-level mitigations (such as DDoS protection) safeguard your websites and applications, it can happen that they block traffic from legitimate sources like proxies or shared networks in situations where traffic from these sources was identified as malicious.
You can ensure that specific IP addresses or CIDR ranges are never blocked by the Vercel Firewall's system mitigations with System Bypass Rules.
To add an IP address that should bypass system mitigations, navigate to the Firewall tab of your project and follow these steps:
- Select Configure on the top right of the Firewall overview page
- Scroll down to the System Bypass Rules section
- Select the + Add Rule button
- Complete the following fields in the Configure New System Bypass modal:
- IP Address Or CIDR (required)
- Domain (required): The production domain(s) connected to the project
- Note: For future reference
- Select the Create System Bypass button
- Apply the changes:
- When you make any change, you will see a Review Changes button appear or update on the top right with the number of changes requested
- Select Review Changes and review the changes to be applied
- Select Publish to apply the changes to your production deployment
System Bypass Rules have limits based on your account plan.
| Resource | Hobby | Pro | Enterprise |
|---|---|---|---|
| Number of system bypass rules per project | N/A | 3 | 5 |
Last updated on December 20, 2024
Was this helpful?