POST
/
waap
/
v1
/
domains
/
{domain_id}
/
advanced-rules
Python
from gcore import Gcore

client = Gcore(
    api_key="My API Key",
)
waap_advanced_rule = client.waap.domains.advanced_rules.create(
    domain_id=1,
    action={},
    enabled=True,
    name="Block foobar bot",
    source="request.rate_limit([], '.*events', 5, 200, [], [], '', 'ip') and not ('mb-web-ui' in request.headers['Cookie'] or 'mb-mobile-ios' in request.headers['Cookie'] or 'session-token' in request.headers['Cookie']) and not request.headers['session']",
)
print(waap_advanced_rule.id)
{
  "name": "Block foobar bot",
  "description": "<string>",
  "enabled": true,
  "action": {
    "allow": {},
    "block": {
      "status_code": 403,
      "action_duration": "12h"
    },
    "captcha": {},
    "handshake": {},
    "monitor": {},
    "tag": {
      "tags": [
        "<string>"
      ]
    }
  },
  "source": "request.rate_limit([], '.*events', 5, 200, [], [], '', 'ip') and not ('mb-web-ui' in request.headers['Cookie'] or 'mb-mobile-ios' in request.headers['Cookie'] or 'session-token' in request.headers['Cookie']) and not request.headers['session']",
  "phase": "access",
  "id": 123
}

Authorizations

Authorization
string
header
required

API key for authentication. Make sure to include the word apikey, followed by a single space and then your token. Example: apikey 1234$abcdef

Path Parameters

domain_id
integer
required

The domain ID

Required range: x > 0

Body

application/json

A request to create a new advanced rule

name
string
required

The name assigned to the rule

Required string length: 1 - 100
Examples:

"Block foobar bot"

enabled
boolean
required

Whether or not the rule is enabled

action
object
required

The action that the rule takes when triggered. Only one action can be set per rule.

source
string
required

A CEL syntax expression that contains the rule's conditions. Allowed objects are: request, whois, session, response, tags, user_defined_tags, user_agent, client_data.

More info can be found here: https://gcore.com/docs/waap/waap-rules/advanced-rules

Minimum length: 1
Examples:

"request.rate_limit([], '.*events', 5, 200, [], [], '', 'ip') and not ('mb-web-ui' in request.headers['Cookie'] or 'mb-mobile-ios' in request.headers['Cookie'] or 'session-token' in request.headers['Cookie']) and not request.headers['session']"

description
string

The description assigned to the rule

Maximum length: 100
phase
enum<string> | null
default:access

The WAAP request/response phase for applying the rule. Default is "access".

The "access" phase is responsible for modifying the request before it is sent to the origin server.

The "header_filter" phase is responsible for modifying the HTTP headers of a response before they are sent back to the client.

The "body_filter" phase is responsible for modifying the body of a response before it is sent back to the client.

Available options:
access,
header_filter,
body_filter

Response

Successful Response

An advanced WAAP rule applied to a domain

name
string
required

The name assigned to the rule

Required string length: 1 - 100
Examples:

"Block foobar bot"

enabled
boolean
required

Whether or not the rule is enabled

action
object
required

The action that the rule takes when triggered. Only one action can be set per rule.

source
string
required

A CEL syntax expression that contains the rule's conditions. Allowed objects are: request, whois, session, response, tags, user_defined_tags, user_agent, client_data.

More info can be found here: https://gcore.com/docs/waap/waap-rules/advanced-rules

Minimum length: 1
Examples:

"request.rate_limit([], '.*events', 5, 200, [], [], '', 'ip') and not ('mb-web-ui' in request.headers['Cookie'] or 'mb-mobile-ios' in request.headers['Cookie'] or 'session-token' in request.headers['Cookie']) and not request.headers['session']"

id
integer
required

The unique identifier for the rule

description
string

The description assigned to the rule

Maximum length: 100
phase
enum<string> | null
default:access

The WAAP request/response phase for applying the rule. Default is "access".

The "access" phase is responsible for modifying the request before it is sent to the origin server.

The "header_filter" phase is responsible for modifying the HTTP headers of a response before they are sent back to the client.

The "body_filter" phase is responsible for modifying the body of a response before it is sent back to the client.

Available options:
access,
header_filter,
body_filter