Skip to content

Examples

Griffen Fargo edited this page May 4, 2026 · 1 revision

Examples

Real-world configuration examples for common firewall scenarios. All examples are available in the examples folder on GitHub.

Basic Protection

IP Blocking

Block specific IP addresses or ranges:

{
  "ips": [
    {
      "ip": "192.168.1.100/32",
      "action": "deny",
      "notes": "Known attacker"
    },
    {
      "ip": "10.0.0.0/8",
      "action": "deny",
      "notes": "Internal range"
    }
  ]
}

View full example →

Path Protection

Secure specific URL paths:

{
  "rules": [
    {
      "name": "Protect Admin",
      "active": true,
      "conditionGroup": [
        {
          "conditions": [
            { "type": "path", "op": "pre", "value": "/admin" }
          ]
        }
      ],
      "action": {
        "mitigate": { "action": "challenge" }
      }
    }
  ]
}

View full example →

Geo-Blocking

Country-based access control:

{
  "rules": [
    {
      "name": "Block High-Risk Countries",
      "active": true,
      "conditionGroup": [
        {
          "conditions": [
            {
              "type": "geo_country",
              "op": "inc",
              "value": ["CN", "RU", "KP"]
            }
          ]
        }
      ],
      "action": {
        "mitigate": { "action": "deny" }
      }
    }
  ]
}

View full example →

Method Restriction

Limit HTTP methods on specific paths:

{
  "rules": [
    {
      "name": "Read-Only API",
      "active": true,
      "conditionGroup": [
        {
          "conditions": [
            { "type": "path", "op": "pre", "value": "/api" },
            { "type": "method", "op": "inc", "value": ["PUT", "DELETE", "PATCH"] }
          ]
        }
      ],
      "action": {
        "mitigate": { "action": "deny" }
      }
    }
  ]
}

View full example →

Advanced Security

Rate Limiting

Prevent abuse through rate limits:

{
  "rules": [
    {
      "name": "API Rate Limit",
      "active": true,
      "conditionGroup": [
        {
          "conditions": [
            { "type": "path", "op": "pre", "value": "/api" }
          ]
        }
      ],
      "action": {
        "mitigate": {
          "action": "rate_limit",
          "rateLimit": {
            "requests": 100,
            "window": "60s"
          }
        }
      }
    }
  ]
}

View full example →

Challenge Rules

Bot prevention with browser challenges:

{
  "rules": [
    {
      "name": "Challenge Suspicious Traffic",
      "active": true,
      "conditionGroup": [
        {
          "conditions": [
            { "type": "path", "op": "pre", "value": "/login" }
          ]
        }
      ],
      "action": {
        "mitigate": { "action": "challenge" }
      }
    }
  ]
}

View full example →

Redirect Rules

Traffic redirection:

View full example →

Conditional Rules

Complex condition group combinations:

View full example →

Specialized Rules

User Agent Filtering

Filter by browser or client type:

View full example →

Header-Based Rules

Rules based on HTTP headers:

View full example →

Mixed Rules

Multiple protection layers in a single configuration:

View full example →

Related Pages

Clone this wiki locally