Examples

Real-world configuration examples for common firewall scenarios. All examples are available in the examples folder on GitHub.

Basic Protection

IP Blocking

Block specific IP addresses or ranges:

{
  "ips": [
    {
      "ip": "192.168.1.100/32",
      "action": "deny",
      "notes": "Known attacker"
    },
    {
      "ip": "10.0.0.0/8",
      "action": "deny",
      "notes": "Internal range"
    }
  ]
}

View full example →

Path Protection

Secure specific URL paths:

{
  "rules": [
    {
      "name": "Protect Admin",
      "active": true,
      "conditionGroup": [
        {
          "conditions": [
            { "type": "path", "op": "pre", "value": "/admin" }
          ]
        }
      ],
      "action": {
        "mitigate": { "action": "challenge" }
      }
    }
  ]
}

View full example →

Geo-Blocking

Country-based access control:

{
  "rules": [
    {
      "name": "Block High-Risk Countries",
      "active": true,
      "conditionGroup": [
        {
          "conditions": [
            {
              "type": "geo_country",
              "op": "inc",
              "value": ["CN", "RU", "KP"]
            }
          ]
        }
      ],
      "action": {
        "mitigate": { "action": "deny" }
      }
    }
  ]
}

View full example →

Method Restriction

Limit HTTP methods on specific paths:

{
  "rules": [
    {
      "name": "Read-Only API",
      "active": true,
      "conditionGroup": [
        {
          "conditions": [
            { "type": "path", "op": "pre", "value": "/api" },
            { "type": "method", "op": "inc", "value": ["PUT", "DELETE", "PATCH"] }
          ]
        }
      ],
      "action": {
        "mitigate": { "action": "deny" }
      }
    }
  ]
}

View full example →

Advanced Security

Rate Limiting

Prevent abuse through rate limits:

{
  "rules": [
    {
      "name": "API Rate Limit",
      "active": true,
      "conditionGroup": [
        {
          "conditions": [
            { "type": "path", "op": "pre", "value": "/api" }
          ]
        }
      ],
      "action": {
        "mitigate": {
          "action": "rate_limit",
          "rateLimit": {
            "requests": 100,
            "window": "60s"
          }
        }
      }
    }
  ]
}

View full example →

Challenge Rules

Bot prevention with browser challenges:

{
  "rules": [
    {
      "name": "Challenge Suspicious Traffic",
      "active": true,
      "conditionGroup": [
        {
          "conditions": [
            { "type": "path", "op": "pre", "value": "/login" }
          ]
        }
      ],
      "action": {
        "mitigate": { "action": "challenge" }
      }
    }
  ]
}

View full example →

Redirect Rules

Traffic redirection:

View full example →

Conditional Rules

Complex condition group combinations:

View full example →

Specialized Rules

User Agent Filtering

Filter by browser or client type:

View full example →

Header-Based Rules

Rules based on HTTP headers:

View full example →

Mixed Rules

Multiple protection layers in a single configuration:

View full example →

Related Pages

Configuration — Configuration file reference
Templates — Pre-built rule templates
Commands Overview — CLI command reference

Getting Started

Configuration

Commands

Commands Overview

Guides

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Examples

Examples

Basic Protection

IP Blocking

Path Protection

Geo-Blocking

Method Restriction

Advanced Security

Rate Limiting

Challenge Rules

Redirect Rules

Conditional Rules

Specialized Rules

User Agent Filtering

Header-Based Rules

Mixed Rules

Related Pages

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally