--- title: Create a WAF Policy description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Application Security --- # Create a WAF Policy{% #create-a-waf-policy %} {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | --------------------------------------------------------------------------------- | | ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/policies | | ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/remote_config/products/asm/waf/policies | | app.datadoghq.eu | POST https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/policies | | app.ddog-gov.com | POST https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/policies | | us2.ddog-gov.com | POST https://api.us2.ddog-gov.com/api/v2/remote_config/products/asm/waf/policies | | app.datadoghq.com | POST https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/policies | | us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/policies | | us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/policies | ### Overview Create a new WAF policy. ### Request #### Body Data (required) The new WAF policy. {% tab title="Model" %} | Parent field | Field | Type | Description | | ------------ | ----------------------------- | -------- | -------------------------------------------------------------------------------------------------------------------------------- | | | data [*required*] | object | Object for a single WAF policy. | | data | attributes [*required*] | object | Create a new WAF policy. | | attributes | basedOn [*required*] | string | When creating a new policy, clone the policy indicated by this identifier. | | attributes | description [*required*] | string | Description of the WAF policy. | | attributes | isDefault | boolean | Make this policy the default policy. The default policy is applied to every service not specifically assigned to another policy. | | attributes | name [*required*] | string | The name of the WAF policy. | | attributes | protectionPresets | [string] | Presets enabled on this policy. | | attributes | rules | [object] | Rule overrides applied by the policy. | | rules | blocking [*required*] | boolean | When blocking is enabled, the rule will block the traffic matched by this rule. | | rules | enabled [*required*] | boolean | When false, this rule will not match any traffic. | | rules | extended_data_collection | boolean | When true, collects additional data from the WAF for this rule. | | rules | id [*required*] | string | Override the parameters for this WAF rule identifier. | | attributes | rulesets | [object] | **DEPRECATED**: Deprecated: Ruleset overrides. Use `protectionPresets` instead. | | rulesets | blocking [*required*] | boolean | When blocking is enabled, the ruleset will block the traffic it matches. | | rulesets | enabled [*required*] | boolean | When false, this ruleset will not match any traffic. | | rulesets | id [*required*] | string | The identifier of the ruleset to override. | | attributes | scope | [object] | The scope of the WAF policy. | | scope | env [*required*] | string | The environment scope for the WAF policy. | | scope | service [*required*] | string | The service scope for the WAF policy. | | attributes | version | int64 | Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value. | | data | type [*required*] | enum | The type of the resource. The value should always be `policy`. Allowed enum values: `policy` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "basedOn": "recommended", "description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": [ "attack-tools" ], "rules": [ { "blocking": false, "enabled": true, "id": "rasp-001-002" } ], "scope": [ { "env": "prod", "service": "billing-service" } ], "version": 0 }, "type": "policy" } } ``` {% /tab %} ### Response {% tab title="201" %} Created {% tab title="Model" %} Response object that includes a single WAF policy. | Parent field | Field | Type | Description | | ------------ | ----------------------------- | --------- | -------------------------------------------------------------------------------------------------------------------------------- | | | data | object | Object for a single WAF policy. | | data | attributes | object | A WAF policy. | | attributes | description [*required*] | string | Description of the WAF policy. | | attributes | isDefault | boolean | Make this policy the default policy. The default policy is applied to every service not specifically assigned to another policy. | | attributes | name [*required*] | string | The name of the WAF policy. | | attributes | protectionPresets | [string] | Presets enabled on this policy. | | attributes | rules | [object] | Rule overrides applied by the policy. | | rules | blocking [*required*] | boolean | When blocking is enabled, the rule will block the traffic matched by this rule. | | rules | enabled [*required*] | boolean | When false, this rule will not match any traffic. | | rules | extended_data_collection | boolean | When true, collects additional data from the WAF for this rule. | | rules | id [*required*] | string | Override the parameters for this WAF rule identifier. | | attributes | rulesets | [object] | **DEPRECATED**: Deprecated: Ruleset overrides. Use `protectionPresets` instead. | | rulesets | blocking [*required*] | boolean | When blocking is enabled, the ruleset will block the traffic it matches. | | rulesets | enabled [*required*] | boolean | When false, this ruleset will not match any traffic. | | rulesets | id [*required*] | string | The identifier of the ruleset to override. | | attributes | scope | [object] | The scope of the WAF policy. | | scope | env [*required*] | string | The environment scope for the WAF policy. | | scope | service [*required*] | string | The service scope for the WAF policy. | | attributes | version | int64 | Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value. | | data | id | string | The ID of the policy. | | data | meta | object | Metadata associated with the WAF policy. | | meta | added_at | date-time | The date and time the WAF policy was created. | | meta | added_by | string | The handle of the user who created the WAF policy. | | meta | added_by_name | string | The name of the user who created the WAF policy. | | meta | modified_at | date-time | The date and time the WAF policy was last updated. | | meta | modified_by | string | The handle of the user who last updated the WAF policy. | | meta | modified_by_name | string | The name of the user who last updated the WAF policy. | | data | type | enum | The type of the resource. The value should always be `policy`. Allowed enum values: `policy` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": [ "attack-tools" ], "rules": [ { "blocking": false, "enabled": true, "extended_data_collection": false, "id": "rasp-001-002" } ], "rulesets": [ { "blocking": false, "enabled": true, "id": "attack_tool" } ], "scope": [ { "env": "prod", "service": "billing-service" } ], "version": 0 }, "id": "2857c47d-1e3a-4300-8b2f-dc24089c084b", "meta": { "added_at": "2021-01-01T00:00:00Z", "added_by": "john.doe@datadoghq.com", "added_by_name": "John Doe", "modified_at": "2021-01-01T00:00:00Z", "modified_by": "john.doe@datadoghq.com", "modified_by_name": "John Doe" }, "type": "policy" } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="409" %} Concurrent Modification {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \## default # \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/policies" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \ -d @- << EOF { "data": { "attributes": { "basedOn": "recommended", "description": "Policy applied to internal web applications.", "isDefault": false, "name": "Internal Network Policy", "protectionPresets": [ "attack-tools" ], "rules": [ { "blocking": false, "enabled": true, "id": "rasp-001-002" } ], "scope": [ { "env": "prod", "service": "billing-service" } ], "version": 0 }, "type": "policy" } } EOF {% /tab %}