---
title: Create a WAF Policy
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > API Reference > Application Security
---

# Create a WAF Policy{% #create-a-waf-policy %}
{% tab title="v2" %}

| Datadog site      | API endpoint                                                                      |
| ----------------- | --------------------------------------------------------------------------------- |
| ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/policies |
| ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/remote_config/products/asm/waf/policies |
| app.datadoghq.eu  | POST https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/policies      |
| app.ddog-gov.com  | POST https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/policies      |
| us2.ddog-gov.com  | POST https://api.us2.ddog-gov.com/api/v2/remote_config/products/asm/waf/policies  |
| app.datadoghq.com | POST https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/policies     |
| us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/policies |
| us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/policies |

### Overview

Create a new WAF policy.

### Request

#### Body Data (required)

The new WAF policy.

{% tab title="Model" %}

| Parent field | Field                         | Type     | Description                                                                                                                      |
| ------------ | ----------------------------- | -------- | -------------------------------------------------------------------------------------------------------------------------------- |
|              | data [*required*]        | object   | Object for a single WAF policy.                                                                                                  |
| data         | attributes [*required*]  | object   | Create a new WAF policy.                                                                                                         |
| attributes   | basedOn [*required*]     | string   | When creating a new policy, clone the policy indicated by this identifier.                                                       |
| attributes   | description [*required*] | string   | Description of the WAF policy.                                                                                                   |
| attributes   | isDefault                     | boolean  | Make this policy the default policy. The default policy is applied to every service not specifically assigned to another policy. |
| attributes   | name [*required*]        | string   | The name of the WAF policy.                                                                                                      |
| attributes   | protectionPresets             | [string] | Presets enabled on this policy.                                                                                                  |
| attributes   | rules                         | [object] | Rule overrides applied by the policy.                                                                                            |
| rules        | blocking [*required*]    | boolean  | When blocking is enabled, the rule will block the traffic matched by this rule.                                                  |
| rules        | enabled [*required*]     | boolean  | When false, this rule will not match any traffic.                                                                                |
| rules        | extended_data_collection      | boolean  | When true, collects additional data from the WAF for this rule.                                                                  |
| rules        | id [*required*]          | string   | Override the parameters for this WAF rule identifier.                                                                            |
| attributes   | rulesets                      | [object] | **DEPRECATED**: Ruleset overrides. Use `protectionPresets` instead.                                                              |
| rulesets     | blocking [*required*]    | boolean  | When blocking is enabled, the ruleset will block the traffic it matches.                                                         |
| rulesets     | enabled [*required*]     | boolean  | When false, this ruleset will not match any traffic.                                                                             |
| rulesets     | id [*required*]          | string   | The identifier of the ruleset to override.                                                                                       |
| attributes   | scope                         | [object] | The scope of the WAF policy.                                                                                                     |
| scope        | env [*required*]         | string   | The environment scope for the WAF policy.                                                                                        |
| scope        | service [*required*]     | string   | The service scope for the WAF policy.                                                                                            |
| attributes   | version                       | int64    | Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.                                    |
| data         | type [*required*]        | enum     | The type of the resource. The value should always be `policy`. Allowed enum values: `policy`                                     |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "basedOn": "recommended",
      "description": "Policy applied to internal web applications.",
      "isDefault": false,
      "name": "Internal Network Policy",
      "protectionPresets": [
        "attack-tools"
      ],
      "rules": [
        {
          "blocking": false,
          "enabled": true,
          "id": "rasp-001-002"
        }
      ],
      "scope": [
        {
          "env": "prod",
          "service": "billing-service"
        }
      ],
      "version": 0
    },
    "type": "policy"
  }
}
```

{% /tab %}
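
A pre-flight check for the request body described above, as an added example that is not part of Datadog's documentation or client libraries: it enforces the required fields from the Model table and flags overrides that weaken the policy before it is sent. The names `lint_waf_policy` and `RISKY` are assumptions made for illustration, and the `RISKY` body is constructed.

```python
import json

# Required fields and types, transcribed from the request Model table.
REQUIRED = {
    "attributes": {"basedOn": str, "description": str, "name": str},
    "rules": {"blocking": bool, "enabled": bool, "id": str},
    "rulesets": {"blocking": bool, "enabled": bool, "id": str},
    "scope": {"env": str, "service": str},
}


def _check(obj, kind, where, errors):
    """Append an error for each required field that is missing or mistyped."""
    if not isinstance(obj, dict):
        errors.append(f"{where}: expected object")
        return False
    for field, typ in REQUIRED[kind].items():
        if field not in obj:
            errors.append(f"{where}.{field}: required field missing")
        elif not isinstance(obj[field], typ):
            errors.append(f"{where}.{field}: expected {typ.__name__}")
    return True


def lint_waf_policy(body):
    """Return (errors, warnings) for a Create WAF Policy request body."""
    errors, warnings = [], []
    data = body.get("data") if isinstance(body, dict) else None
    if not isinstance(data, dict):
        return ["data: required object missing"], warnings
    if data.get("type") != "policy":
        errors.append("data.type: must be 'policy'")
    attrs = data.get("attributes")
    if not _check(attrs, "attributes", "attributes", errors):
        return errors, warnings

    # List-valued attributes whose items carry required fields.
    for kind in ("rules", "rulesets", "scope"):
        items = attrs.get(kind, [])
        if not isinstance(items, list):
            errors.append(f"attributes.{kind}: expected array")
            continue
        for i, item in enumerate(items):
            where = f"attributes.{kind}[{i}]"
            if not _check(item, kind, where, errors) or kind == "scope":
                continue
            # Overrides that reduce protection are valid but deserve review.
            if item.get("enabled") is False:
                warnings.append(f"{where}: disabled, will not match any traffic")
            elif item.get("blocking") is False:
                warnings.append(f"{where}: blocking is off for matched traffic")

    if attrs.get("rulesets"):
        warnings.append("attributes.rulesets: deprecated, use protectionPresets")
    if attrs.get("isDefault") is True:
        warnings.append("attributes.isDefault: applies to every service "
                        "not specifically assigned to another policy")
    return errors, warnings


# The request body from this page's Example tab.
PAGE_EXAMPLE = {"data": {"type": "policy", "attributes": {
    "basedOn": "recommended",
    "description": "Policy applied to internal web applications.",
    "isDefault": False, "name": "Internal Network Policy",
    "protectionPresets": ["attack-tools"],
    "rules": [{"blocking": False, "enabled": True, "id": "rasp-001-002"}],
    "scope": [{"env": "prod", "service": "billing-service"}],
    "version": 0,
}}}

# Constructed body with several problems, for illustration only.
RISKY = {"data": {"type": "policies", "attributes": {
    "description": "constructed", "name": "Constructed policy",
    "isDefault": True,
    "rules": [{"blocking": True, "enabled": False, "id": "rasp-001-002"}],
    "rulesets": [{"blocking": False, "enabled": True, "id": "attack_tool"}],
    "scope": [{"env": "prod"}],
}}}

if __name__ == "__main__":
    for label, body in (("page example", PAGE_EXAMPLE), ("constructed", RISKY)):
        errs, warns = lint_waf_policy(body)
        print(label, json.dumps({"errors": errs, "warnings": warns}, indent=2))
```

Errors are violations of the request schema; warnings are valid settings that change what the policy protects and are worth a second reviewer in a policy-as-code pipeline.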

### Response

{% tab title="201" %}
Created
{% tab title="Model" %}
Response object that includes a single WAF policy.

| Parent field | Field                         | Type      | Description                                                                                                                      |
| ------------ | ----------------------------- | --------- | -------------------------------------------------------------------------------------------------------------------------------- |
|              | data                          | object    | Object for a single WAF policy.                                                                                                  |
| data         | attributes                    | object    | A WAF policy.                                                                                                                    |
| attributes   | description [*required*] | string    | Description of the WAF policy.                                                                                                   |
| attributes   | isDefault                     | boolean   | Make this policy the default policy. The default policy is applied to every service not specifically assigned to another policy. |
| attributes   | name [*required*]        | string    | The name of the WAF policy.                                                                                                      |
| attributes   | protectionPresets             | [string]  | Presets enabled on this policy.                                                                                                  |
| attributes   | rules                         | [object]  | Rule overrides applied by the policy.                                                                                            |
| rules        | blocking [*required*]    | boolean   | When blocking is enabled, the rule will block the traffic matched by this rule.                                                  |
| rules        | enabled [*required*]     | boolean   | When false, this rule will not match any traffic.                                                                                |
| rules        | extended_data_collection      | boolean   | When true, collects additional data from the WAF for this rule.                                                                  |
| rules        | id [*required*]          | string    | Override the parameters for this WAF rule identifier.                                                                            |
| attributes   | rulesets                      | [object]  | **DEPRECATED**: Deprecated: Ruleset overrides. Use `protectionPresets` instead.                                                  |
| rulesets     | blocking [*required*]    | boolean   | When blocking is enabled, the ruleset will block the traffic it matches.                                                         |
| rulesets     | enabled [*required*]     | boolean   | When false, this ruleset will not match any traffic.                                                                             |
| rulesets     | id [*required*]          | string    | The identifier of the ruleset to override.                                                                                       |
| attributes   | scope                         | [object]  | The scope of the WAF policy.                                                                                                     |
| scope        | env [*required*]         | string    | The environment scope for the WAF policy.                                                                                        |
| scope        | service [*required*]     | string    | The service scope for the WAF policy.                                                                                            |
| attributes   | version                       | int64     | Version of the WAF ruleset maintained by Datadog used by this policy. 0 is the default value.                                    |
| data         | id                            | string    | The ID of the policy.                                                                                                            |
| data         | meta                          | object    | Metadata associated with the WAF policy.                                                                                         |
| meta         | added_at                      | date-time | The date and time the WAF policy was created.                                                                                    |
| meta         | added_by                      | string    | The handle of the user who created the WAF policy.                                                                               |
| meta         | added_by_name                 | string    | The name of the user who created the WAF policy.                                                                                 |
| meta         | modified_at                   | date-time | The date and time the WAF policy was last updated.                                                                               |
| meta         | modified_by                   | string    | The handle of the user who last updated the WAF policy.                                                                          |
| meta         | modified_by_name              | string    | The name of the user who last updated the WAF policy.                                                                            |
| data         | type                          | enum      | The type of the resource. The value should always be `policy`. Allowed enum values: `policy`                                     |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "description": "Policy applied to internal web applications.",
      "isDefault": false,
      "name": "Internal Network Policy",
      "protectionPresets": [
        "attack-tools"
      ],
      "rules": [
        {
          "blocking": false,
          "enabled": true,
          "extended_data_collection": false,
          "id": "rasp-001-002"
        }
      ],
      "rulesets": [
        {
          "blocking": false,
          "enabled": true,
          "id": "attack_tool"
        }
      ],
      "scope": [
        {
          "env": "prod",
          "service": "billing-service"
        }
      ],
      "version": 0
    },
    "id": "2857c47d-1e3a-4300-8b2f-dc24089c084b",
    "meta": {
      "added_at": "2021-01-01T00:00:00Z",
      "added_by": "john.doe@datadoghq.com",
      "added_by_name": "John Doe",
      "modified_at": "2021-01-01T00:00:00Z",
      "modified_by": "john.doe@datadoghq.com",
      "modified_by_name": "John Doe"
    },
    "type": "policy"
  }
}
```

{% /tab %}

{% /tab %}

{% tab title="400" %}
Bad Request
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="403" %}
Not Authorized
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="409" %}
Concurrent Modification
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

##### 

```bash
# Curl command
curl -X POST "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/policies" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "basedOn": "recommended",
      "description": "Policy applied to internal web applications.",
      "isDefault": false,
      "name": "Internal Network Policy",
      "protectionPresets": [
        "attack-tools"
      ],
      "rules": [
        {
          "blocking": false,
          "enabled": true,
          "id": "rasp-001-002"
        }
      ],
      "scope": [
        {
          "env": "prod",
          "service": "billing-service"
        }
      ],
      "version": 0
    },
    "type": "policy"
  }
}
EOF
```

##### 

```go
// Create a WAF Policy returns "Created" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.ApplicationSecurityPolicyCreateRequest{
		Data: datadogV2.ApplicationSecurityPolicyCreateData{
			Attributes: datadogV2.ApplicationSecurityPolicyCreateAttributes{
				BasedOn:     "recommended",
				Description: "Policy applied to internal web applications.",
				IsDefault:   datadog.PtrBool(false),
				Name:        "Internal Network Policy",
				ProtectionPresets: []string{
					"attack-tools",
				},
				Rules: []datadogV2.ApplicationSecurityPolicyRuleOverride{
					{
						Blocking: false,
						Enabled:  true,
						Id:       "rasp-001-002",
					},
				},
				Scope: []datadogV2.ApplicationSecurityPolicyScope{
					{
						Env:     "prod",
						Service: "billing-service",
					},
				},
				Version: datadog.PtrInt64(0),
			},
			Type: datadogV2.APPLICATIONSECURITYPOLICYTYPE_POLICY,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewApplicationSecurityApi(apiClient)
	resp, r, err := api.CreateApplicationSecurityWafPolicy(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `ApplicationSecurityApi.CreateApplicationSecurityWafPolicy`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `ApplicationSecurityApi.CreateApplicationSecurityWafPolicy`:\n%s\n", responseContent)
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go), then save the example to `main.go` and run the following command:

```bash
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" go run "main.go"
```

##### 

```java
// Create a WAF Policy returns "Created" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.ApplicationSecurityApi;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyCreateAttributes;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyCreateData;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyCreateRequest;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyResponse;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyRuleOverride;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyScope;
import com.datadog.api.client.v2.model.ApplicationSecurityPolicyType;
import java.util.Collections;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    ApplicationSecurityApi apiInstance = new ApplicationSecurityApi(defaultClient);

    ApplicationSecurityPolicyCreateRequest body =
        new ApplicationSecurityPolicyCreateRequest()
            .data(
                new ApplicationSecurityPolicyCreateData()
                    .attributes(
                        new ApplicationSecurityPolicyCreateAttributes()
                            .basedOn("recommended")
                            .description("Policy applied to internal web applications.")
                            .isDefault(false)
                            .name("Internal Network Policy")
                            .protectionPresets(Collections.singletonList("attack-tools"))
                            .rules(
                                Collections.singletonList(
                                    new ApplicationSecurityPolicyRuleOverride()
                                        .blocking(false)
                                        .enabled(true)
                                        .id("rasp-001-002")))
                            .scope(
                                Collections.singletonList(
                                    new ApplicationSecurityPolicyScope()
                                        .env("prod")
                                        .service("billing-service")))
                            .version(0L))
                    .type(ApplicationSecurityPolicyType.POLICY));

    try {
      ApplicationSecurityPolicyResponse result =
          apiInstance.createApplicationSecurityWafPolicy(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling ApplicationSecurityApi#createApplicationSecurityWafPolicy");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java), then save the example to `Example.java` and run the following command:

```bash
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" java "Example.java"
```

##### 

```python
"""
Create a WAF Policy returns "Created" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.application_security_api import ApplicationSecurityApi
from datadog_api_client.v2.model.application_security_policy_create_attributes import (
    ApplicationSecurityPolicyCreateAttributes,
)
from datadog_api_client.v2.model.application_security_policy_create_data import ApplicationSecurityPolicyCreateData
from datadog_api_client.v2.model.application_security_policy_create_request import (
    ApplicationSecurityPolicyCreateRequest,
)
from datadog_api_client.v2.model.application_security_policy_rule_override import ApplicationSecurityPolicyRuleOverride
from datadog_api_client.v2.model.application_security_policy_scope import ApplicationSecurityPolicyScope
from datadog_api_client.v2.model.application_security_policy_type import ApplicationSecurityPolicyType

body = ApplicationSecurityPolicyCreateRequest(
    data=ApplicationSecurityPolicyCreateData(
        attributes=ApplicationSecurityPolicyCreateAttributes(
            based_on="recommended",
            description="Policy applied to internal web applications.",
            is_default=False,
            name="Internal Network Policy",
            protection_presets=[
                "attack-tools",
            ],
            rules=[
                ApplicationSecurityPolicyRuleOverride(
                    blocking=False,
                    enabled=True,
                    id="rasp-001-002",
                ),
            ],
            scope=[
                ApplicationSecurityPolicyScope(
                    env="prod",
                    service="billing-service",
                ),
            ],
            version=0,
        ),
        type=ApplicationSecurityPolicyType.POLICY,
    ),
)

configuration = Configuration()
with ApiClient(configuration) as api_client:
    api_instance = ApplicationSecurityApi(api_client)
    response = api_instance.create_application_security_waf_policy(body=body)

    print(response)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python), then save the example to `example.py` and run the following command:

```bash
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" python3 "example.py"
```

##### 

```ruby
# Create a WAF Policy returns "Created" response

require "datadog_api_client"
api_instance = DatadogAPIClient::V2::ApplicationSecurityAPI.new

body = DatadogAPIClient::V2::ApplicationSecurityPolicyCreateRequest.new({
  data: DatadogAPIClient::V2::ApplicationSecurityPolicyCreateData.new({
    attributes: DatadogAPIClient::V2::ApplicationSecurityPolicyCreateAttributes.new({
      based_on: "recommended",
      description: "Policy applied to internal web applications.",
      is_default: false,
      name: "Internal Network Policy",
      protection_presets: [
        "attack-tools",
      ],
      rules: [
        DatadogAPIClient::V2::ApplicationSecurityPolicyRuleOverride.new({
          blocking: false,
          enabled: true,
          id: "rasp-001-002",
        }),
      ],
      scope: [
        DatadogAPIClient::V2::ApplicationSecurityPolicyScope.new({
          env: "prod",
          service: "billing-service",
        }),
      ],
      version: 0,
    }),
    type: DatadogAPIClient::V2::ApplicationSecurityPolicyType::POLICY,
  }),
})
p api_instance.create_application_security_waf_policy(body)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby), then save the example to `example.rb` and run the following command:

```bash
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" ruby "example.rb"
```

##### 

```rust
// Create a WAF Policy returns "Created" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_application_security::ApplicationSecurityAPI;
use datadog_api_client::datadogV2::model::ApplicationSecurityPolicyCreateAttributes;
use datadog_api_client::datadogV2::model::ApplicationSecurityPolicyCreateData;
use datadog_api_client::datadogV2::model::ApplicationSecurityPolicyCreateRequest;
use datadog_api_client::datadogV2::model::ApplicationSecurityPolicyRuleOverride;
use datadog_api_client::datadogV2::model::ApplicationSecurityPolicyScope;
use datadog_api_client::datadogV2::model::ApplicationSecurityPolicyType;

#[tokio::main]
async fn main() {
    let body =
        ApplicationSecurityPolicyCreateRequest::new(ApplicationSecurityPolicyCreateData::new(
            ApplicationSecurityPolicyCreateAttributes::new(
                "recommended".to_string(),
                "Policy applied to internal web applications.".to_string(),
                "Internal Network Policy".to_string(),
            )
            .is_default(false)
            .protection_presets(vec!["attack-tools".to_string()])
            .rules(vec![ApplicationSecurityPolicyRuleOverride::new(
                false,
                true,
                "rasp-001-002".to_string(),
            )])
            .scope(vec![ApplicationSecurityPolicyScope::new(
                "prod".to_string(),
                "billing-service".to_string(),
            )])
            .version(0),
            ApplicationSecurityPolicyType::POLICY,
        ));
    let configuration = datadog::Configuration::new();
    let api = ApplicationSecurityAPI::with_config(configuration);
    let resp = api.create_application_security_waf_policy(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust), then save the example to `src/main.rs` and run the following command:

```bash
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" cargo run
```

##### 

```typescript
/**
 * Create a WAF Policy returns "Created" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
const apiInstance = new v2.ApplicationSecurityApi(configuration);

const params: v2.ApplicationSecurityApiCreateApplicationSecurityWafPolicyRequest =
  {
    body: {
      data: {
        attributes: {
          basedOn: "recommended",
          description: "Policy applied to internal web applications.",
          isDefault: false,
          name: "Internal Network Policy",
          protectionPresets: ["attack-tools"],
          rules: [
            {
              blocking: false,
              enabled: true,
              id: "rasp-001-002",
            },
          ],
          scope: [
            {
              env: "prod",
              service: "billing-service",
            },
          ],
          version: 0,
        },
        type: "policy",
      },
    },
  };

apiInstance
  .createApplicationSecurityWafPolicy(params)
  .then((data: v2.ApplicationSecurityPolicyResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript), then save the example to `example.ts` and run the following command:

```bash
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" tsc "example.ts"
```

{% /tab %}
