# Deny non-browser traffic or blocklisted ASNs

**Author:** DX Team

---

In the following example, we send a `PATCH` request to the [Update Firewall Configuration](/docs/rest-api/reference/endpoints/security/update-firewall-configuration) endpoint of the [Vercel REST API security group](/docs/rest-api/reference/endpoints/security). This request creates a new rule in your project's WAF configuration.

> Both the `conditionGroup` and `action` body parameters are **required** fields

A common strategy to protect your web application from specific known threats, can include the following:

- Denying non-browser traffic by targeting non "Mozilla" user-agents, which helps with blocking bots and scrapers.
  
- Blocking traffic from certain [Autonomous System Numbers](https://www.thousandeyes.com/learning/glossary/as-autonomous-system) (ASN) that are known to be associated with malicious activities.
  

To enable this on your Vercel project, create a [custom rule](/docs/security/vercel-waf/custom-rules) using the following code:

``export async function PATCH() { let baseUrl = 'https://api.vercel.com/v1/security/firewall/config'; let teamId = 'team_a5j...'; let projectId = 'QmTrK...'; const body = JSON.stringify({ action: 'rules.insert', id: null, value: { active: true /** Whether this rule is enabled or not in your Vercel WAF configuration */, name: 'Deny non-browser traffic or blacklisted ASN', description: 'Deny traffic without Mozilla or from a specific ASN', conditionGroup: [/** Any of the conditions in this array can be true */ { conditions: [ { neg: true, /** Perform negative match */ op: "re", /** Operator used to compare - re equivalent to "Match regex expression" */, type: 'user_agent' /** Parameter from incoming traffic */, value: '.*Mozilla.*', }, ], }, { conditions: [ { op: 'inc' /** Operator used to compare - inc equivalent to "Includes"*/, type: 'geo_as_number' /** Parameter from incoming traffic */, value: ["124", "456", "789"], /** includes any of the number combinations in the array */ }, ], }, ], action: { mitigate: { action: 'deny', rateLimit: null, redirect: null, actionDuration: null, }, }, }, }); let res = await fetch(`${baseUrl}?projectId=${projectId}&teamId=${teamId}`, { method: 'PATCH', headers: { Authorization: `Bearer ${process.env.VERCEL_TOKEN}`, 'Content-Type': 'application/json', }, body, }); if (!res.ok) { return Response.json( { status: 'Failed to update Firewall' }, { status: res.status }, ); } return Response.json({ status: 'New rule added to Firewall' }); }`` ## Related - [WAF Examples](/docs/security/vercel-waf/examples)
  
- [WAF Custom Rules](/docs/security/vercel-waf/custom-rules)

---

[View full KB sitemap](/kb/sitemap.md)
