In the following example, we send a Patch
request to the Update Firewall Configuration endpoint of the Vercel REST API security group. This request creates a new rule in your project's WAF configuration.
Both the conditionGroup
and action
body parameters are required fields
This strategy can help you enhance security and manage traffic across all your project domains at once in the following possible cases:
- You identified that a specific IP network is associated with DDoS attacks or automated bot traffic.
- Certain sanctions or data protection laws require that you block traffic from certain IP networks.
To enable this across all your project domains, create an IP Blocking rule using the following code:
app/api/firewall/route.ts
export async function PATCH() {
let baseUrl = 'https://api.vercel.com/v1/security/firewall/config';
let teamId = 'team_a5j...';
let projectId = 'QmTrK...';
const body = JSON.stringify({
action: 'ip.insert',
id: null,
value: {
action: 'deny',
hostname: '*',
ip: '12.34.56.0/24',
notes: 'deny traffic from 12.34.56.0/24',
},
});
let res = await fetch(`${baseUrl}?projectId=${projectId}&teamId=${teamId}`, {
method: 'PATCH',
headers: {
Authorization: `Bearer ${process.env.VERCEL_TOKEN}`,
'Content-Type': 'application/json',
},
body,
});
if (!res.ok) {
return Response.json(
{ status: 'Failed to update Firewall' },
{ status: res.status },
);
}
return Response.json({ status: 'New rule added to Firewall' });
}