Skip to main content
PATCH
/
waap
/
v1
/
domains
/
{domain_id}
/
advanced-rules
/
{rule_id}
Update an advanced rule
curl --request PATCH \
  --url https://api.gcore.com/waap/v1/domains/{domain_id}/advanced-rules/{rule_id} \
  --header 'Authorization: <api-key>' \
  --header 'Content-Type: application/json' \
  --data @- <<EOF
{
  "name": "Block foobar bot",
  "description": "<string>",
  "enabled": true,
  "action": {
    "allow": {},
    "block": {
      "action_duration": "12h"
    },
    "captcha": {},
    "handshake": {},
    "monitor": {}
  },
  "source": [
    "request.rate_limit([], '.*events', 5, 200, [], [], '', 'ip') and not ('mb-web-ui' in request.headers['Cookie'] or 'mb-mobile-ios' in request.headers['Cookie'] or 'session-token' in request.headers['Cookie']) and not request.headers['session']"
  ]
}
EOF
{
  "type": "http-bad-request",
  "title": "Bad Request",
  "status": 400,
  "detail": "Invalid domain name: ''''"
}

Authorizations

Authorization
string
header
required

API key for authentication. Make sure to include the word apikey, followed by a single space and then your token. Example: apikey 1234$abcdef

Path Parameters

domain_id
integer
required

The domain ID

rule_id
integer
required

The advanced rule ID

Body

application/json

A request to update an advanced WAAP rule

name
string | null

The name assigned to the rule

Required string length: 1 - 100
Pattern: ^[A-Za-z0-9\s.:'";<>?&|\\]+$
Example:

"Block foobar bot"

description
string | null

The description assigned to the rule

Maximum string length: 100
enabled
boolean | null

Whether or not the rule is enabled

action
CustomerRuleAction · object

The action that the rule takes when triggered

source
string | null

A CEL syntax expression that contains the rule's conditions. Allowed objects are: request, whois, session, response, tags, user_defined_tags, user_agent, client_data.

More info can be found here: https://gcore.com/docs/waap/waap-rules/advanced-rules

Minimum string length: 1
Example:
[
  "request.rate_limit([], '.*events', 5, 200, [], [], '', 'ip') and not ('mb-web-ui' in request.headers['Cookie'] or 'mb-mobile-ios' in request.headers['Cookie'] or 'session-token' in request.headers['Cookie']) and not request.headers['session']"
]
phase
enum<string> | null

The WAAP request/response phase for applying the rule.

The "access" phase is responsible for modifying the request before it is sent to the origin server.

The "header_filter" phase is responsible for modifying the HTTP headers of a response before they are sent back to the client.

The "body_filter" phase is responsible for modifying the body of a response before it is sent back to the client.

Available options:
access,
header_filter,
body_filter

Response

Successful Response