> ## Documentation Index
> Fetch the complete documentation index at: https://bunnynet-cb9733c2-onclientmiddleware.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Creating a custom WAF rule

> Define your own WAF rules in Bunny Shield to fine-tune existing protections or block threats the managed ruleset doesn't cover.

Custom WAF rules let you write conditions Bunny Shield doesn't cover out of the box. You pick the variables, operators, transformations, and response actions to target threats specific to your application.

## What you'll need

Before you dive in, make sure you have the following prerequisites in place:

* A [bunny.net](https://bunny.net/) account ( [Log in](https://dash.bunny.net/auth/login?pk_buttonlocation=menu) or sign up for a [free trial](https://dash.bunny.net/auth/register)).
* An existing Shield Zone.
* Advanced Plan or above on the existing Shield Zone.
* Your AccessKey or JWT for API authentication.

With these in place, you'll have the access and permissions needed to create and manage custom WAF rules.

## Creating a custom WAF rule

Before writing your first rule, read the [Rule Engine](/shield/rule-engine) documentation to understand how rules are structured.

<img src="https://mintcdn.com/bunnynet-cb9733c2-onclientmiddleware/fpC5xH2fcFkk9TQn/images/docs/7943f5069c900e680d2b136f98d0bce7ddd320d2beec28157b16af24e41caa16-image.png?fit=max&auto=format&n=fpC5xH2fcFkk9TQn&q=85&s=e3f99f34a93d13904c1c8710e3e08e4f" alt="" width="1651" height="1273" data-path="images/docs/7943f5069c900e680d2b136f98d0bce7ddd320d2beec28157b16af24e41caa16-image.png" />

This rule processes each HTTP request by extracting only the REQUEST\_URI (**Variable**), converting it to lowercase, and removing whitespaces (**Transformations**). It then verifies if the transformed REQUEST\_URI matches exactly (**Operator**) with '/blockedpath' (**Operator Value**). If a match is found, our WAF Engine will block (**Response Action**) the request, halting further rule processing and intercepting the request.

With the basics covered, you can write WAF rules that target the threats specific to your site.

## Examples of custom WAF rules

To illustrate how you can implement custom WAF rules, here are some practical examples:

### Block request by ASN

If you want to block requests that originate from a specific ASN, you can create a rule as follows:

<img src="https://mintcdn.com/bunnynet-cb9733c2-onclientmiddleware/2Mg2JcbbdZZJ88ro/images/docs/ae556d5fb671d9928c2088848330834ac308f82fe207b83752ac8450106a21ad-image.png?fit=max&auto=format&n=2Mg2JcbbdZZJ88ro&q=85&s=54504a4200615f005248b5d1cb01e1c5" alt="" width="1562" height="1189" data-path="images/docs/ae556d5fb671d9928c2088848330834ac308f82fe207b83752ac8450106a21ad-image.png" />

### Block request by country code

If you want to block requests that originate from a specific country code, you can create a rule as follows:

<img src="https://mintcdn.com/bunnynet-cb9733c2-onclientmiddleware/2Mg2JcbbdZZJ88ro/images/docs/e7f3550fe240d2a64d18632a5183b0cb909c4716f0e796518d35fae34bfeeac5-image.png?fit=max&auto=format&n=2Mg2JcbbdZZJ88ro&q=85&s=0a67d44e19e88e38a46ede13ce56c28e" alt="" width="1572" height="1213" data-path="images/docs/e7f3550fe240d2a64d18632a5183b0cb909c4716f0e796518d35fae34bfeeac5-image.png" />

### Log request if the specific cookie is set and has a specific value

If you want to log requests that contain a specific cookie with a particular value, you can create a rule as follows:

<img src="https://mintcdn.com/bunnynet-cb9733c2-onclientmiddleware/fpC5xH2fcFkk9TQn/images/docs/57b2bbe2aef059d026f21abb8a1b44fd5ae31907fb50eae15f6bf9ed74177b4f-image.png?fit=max&auto=format&n=fpC5xH2fcFkk9TQn&q=85&s=444e2e0b03a3916b3d3177605d22753f" alt="" width="1672" height="1261" data-path="images/docs/57b2bbe2aef059d026f21abb8a1b44fd5ae31907fb50eae15f6bf9ed74177b4f-image.png" />

### Challenge request if a specific path is accessed

To challenge a user when they access a specific path, you can define a rule like this:

<img src="https://mintcdn.com/bunnynet-cb9733c2-onclientmiddleware/fpC5xH2fcFkk9TQn/images/docs/6507dfa00b76c30cfde6cf128e77fef5488a9c0e3532bf8e4506489caeb00ee0-image.png?fit=max&auto=format&n=fpC5xH2fcFkk9TQn&q=85&s=24fab414dc0c3f7b55cc8cca97f8db39" alt="" width="1690" height="1264" data-path="images/docs/6507dfa00b76c30cfde6cf128e77fef5488a9c0e3532bf8e4506489caeb00ee0-image.png" />

### Block request if User-Agent is a known crawler

To block requests that have a User-Agent matching a known crawler, the rule would be:

<img src="https://mintcdn.com/bunnynet-cb9733c2-onclientmiddleware/fpC5xH2fcFkk9TQn/images/docs/1b0a50e440294062c2805f47564fbd4b1bb410569d7db29452eb1c5de0cb682b-image.png?fit=max&auto=format&n=fpC5xH2fcFkk9TQn&q=85&s=e44b9e239b20fa7b103234f8528b3472" alt="" width="1649" height="1266" data-path="images/docs/1b0a50e440294062c2805f47564fbd4b1bb410569d7db29452eb1c5de0cb682b-image.png" />

Adapt these patterns to mitigate the threats and enforce the security policies that match your application.
