In the following example, we send a PATCH request to the Update Firewall Configuration endpoint of the Vercel REST API security group. This request creates a new rule in your project's WAF configuration.
Both the conditionGroup and action body parameters are required fields
A cURL(Client URL) request is often used by attackers to perform automated activities like scraping, brute force attacks, or other malicious activities. To mitigate such risks, create a custom rule using the following code:
app/api/firewall/route.ts
export async function PATCH() { let baseUrl = 'https://api.vercel.com/v1/security/firewall/config'; let teamId = 'team_a5j...'; let projectId = 'QmTrK...';
const body = JSON.stringify({ action: 'rules.insert', id: null, value: { active: true /** Whether this rule is enabled or not in your Vercel WAF configuration */, name: 'Challenge Curl', description: 'Challenge all traffic from curl requests', conditionGroup: [ { conditions: [ { op: 'sub' /** Operator used to compare - sub is equivalent to "Contains" */, type: 'user_agent' /** Parameter from incoming traffic */, value: 'curl', }, ], }, ], action: { mitigate: { action: 'challenge', rateLimit: null, redirect: null, actionDuration: null, }, }, }, });
let res = await fetch(`${baseUrl}?projectId=${projectId}&teamId=${teamId}`, { method: 'PATCH', headers: { Authorization: `Bearer ${process.env.VERCEL_TOKEN}`, 'Content-Type': 'application/json', }, body, });
if (!res.ok) { return Response.json( { status: 'Failed to update Firewall' }, { status: res.status }, ); }
return Response.json({ status: 'New rule added to Firewall' });}