Skip to main content
POST
/
waap
/
v1
/
domains
/
{domain_id}
/
advanced-rules
Create an advanced rule
curl --request POST \
  --url https://api.gcore.com/waap/v1/domains/{domain_id}/advanced-rules \
  --header 'Authorization: <api-key>' \
  --header 'Content-Type: application/json' \
  --data @- <<EOF
{
  "name": "Block foobar bot",
  "enabled": true,
  "action": {
    "allow": {},
    "block": {
      "action_duration": "12h"
    },
    "captcha": {},
    "handshake": {},
    "monitor": {}
  },
  "source": "request.rate_limit([], '.*events', 5, 200, [], [], '', 'ip') and not ('mb-web-ui' in request.headers['Cookie'] or 'mb-mobile-ios' in request.headers['Cookie'] or 'session-token' in request.headers['Cookie']) and not request.headers['session']",
  "description": "<string>",
  "phase": "access"
}
EOF
{
  "name": "Block foobar bot",
  "enabled": true,
  "action": {
    "allow": {},
    "block": {
      "action_duration": "12h"
    },
    "captcha": {},
    "handshake": {},
    "monitor": {},
    "tag": {
      "tags": [
        "<string>"
      ]
    }
  },
  "source": "request.rate_limit([], '.*events', 5, 200, [], [], '', 'ip') and not ('mb-web-ui' in request.headers['Cookie'] or 'mb-mobile-ios' in request.headers['Cookie'] or 'session-token' in request.headers['Cookie']) and not request.headers['session']",
  "id": 123,
  "description": "<string>",
  "phase": "access"
}

Authorizations

Authorization
string
header
required

API key for authentication. Make sure to include the word apikey, followed by a single space and then your token. Example: apikey 1234$abcdef

Path Parameters

domain_id
integer
required

The domain ID

Body

application/json

A request to create a new advanced rule

name
string
required

The name assigned to the rule

Required string length: 1 - 100
Pattern: ^[A-Za-z0-9\s.:'";<>?&|\\]+$
Example:

"Block foobar bot"

enabled
boolean
required

Whether or not the rule is enabled

action
CustomerRuleAction · object
required

The action that the rule takes when triggered. Only one action can be set per rule.

source
string
required

A CEL syntax expression that contains the rule's conditions. Allowed objects are: request, whois, session, response, tags, user_defined_tags, user_agent, client_data.

More info can be found here: https://gcore.com/docs/waap/waap-rules/advanced-rules

Minimum string length: 1
Example:

"request.rate_limit([], '.*events', 5, 200, [], [], '', 'ip') and not ('mb-web-ui' in request.headers['Cookie'] or 'mb-mobile-ios' in request.headers['Cookie'] or 'session-token' in request.headers['Cookie']) and not request.headers['session']"

description
string

The description assigned to the rule

Maximum string length: 100
phase
enum<string> | null
default:access

The WAAP request/response phase for applying the rule. Default is "access".

The "access" phase is responsible for modifying the request before it is sent to the origin server.

The "header_filter" phase is responsible for modifying the HTTP headers of a response before they are sent back to the client.

The "body_filter" phase is responsible for modifying the body of a response before it is sent back to the client.

Available options:
access,
header_filter,
body_filter

Response

Successful Response

An advanced WAAP rule applied to a domain

name
string
required

The name assigned to the rule

Required string length: 1 - 100
Pattern: ^[A-Za-z0-9\s.:'";<>?&|\\]+$
Example:

"Block foobar bot"

enabled
boolean
required

Whether or not the rule is enabled

action
CustomerRuleAction · object
required

The action that the rule takes when triggered. Only one action can be set per rule.

source
string
required

A CEL syntax expression that contains the rule's conditions. Allowed objects are: request, whois, session, response, tags, user_defined_tags, user_agent, client_data.

More info can be found here: https://gcore.com/docs/waap/waap-rules/advanced-rules

Minimum string length: 1
Example:

"request.rate_limit([], '.*events', 5, 200, [], [], '', 'ip') and not ('mb-web-ui' in request.headers['Cookie'] or 'mb-mobile-ios' in request.headers['Cookie'] or 'session-token' in request.headers['Cookie']) and not request.headers['session']"

id
integer
required

The unique identifier for the rule

description
string

The description assigned to the rule

Maximum string length: 100
phase
enum<string> | null
default:access

The WAAP request/response phase for applying the rule. Default is "access".

The "access" phase is responsible for modifying the request before it is sent to the origin server.

The "header_filter" phase is responsible for modifying the HTTP headers of a response before they are sent back to the client.

The "body_filter" phase is responsible for modifying the body of a response before it is sent back to the client.

Available options:
access,
header_filter,
body_filter