--- title: Get a WAF custom rule description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Application Security --- # Get a WAF custom rule{% #get-a-waf-custom-rule %} Copy pageCopied {% tab title="v2" %} | Datadog site | API endpoint | | ----------------- | ----------------------------------------------------------------------------------------------------- | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id} | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id} | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id} | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id} | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id} | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id} | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id} | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/{custom_rule_id} | ### Overview Retrieve a WAF custom rule by ID. ### Arguments #### Path Parameters | Name | Type | Description | | -------------------------------- | ------ | -------------------------- | | custom_rule_id [*required*] | string | The ID of the custom rule. | ### Response {% tab title="200" %} OK {% tab title="Model" %} Response object that includes a single WAF custom rule. | Parent field | Field | Type | Description | | ------------ | ---------------------------- | --------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | data | object | Object for a single WAF custom rule. | | data | attributes | object | A WAF custom rule. | | attributes | action | object | The definition of `ApplicationSecurityWafCustomRuleAction` object. | | action | action | enum | Override the default action to take when the WAF custom rule would block. Allowed enum values: `redirect_request,block_request` | | action | parameters | object | The definition of `ApplicationSecurityWafCustomRuleActionParameters` object. | | parameters | location | string | The location to redirect to when the WAF custom rule triggers. | | parameters | status_code | int64 | The status code to return when the WAF custom rule triggers. | | attributes | blocking [*required*] | boolean | Indicates whether the WAF custom rule will block the request. | | attributes | conditions [*required*] | [object] | Conditions for which the WAF Custom Rule will triggers, all conditions needs to match in order for the WAF rule to trigger. | | conditions | operator [*required*] | enum | Operator to use for the WAF Condition. Allowed enum values: `match_regex,!match_regex,phrase_match,!phrase_match,is_xss,is_sqli,exact_match,!exact_match,ip_match,!ip_match` | | conditions | parameters [*required*] | object | The scope of the WAF custom rule. | | parameters | data | string | Identifier of a list of data from the denylist. Can only be used as substitution from the list parameter. | | parameters | inputs [*required*] | [object] | List of inputs on which at least one should match with the given operator. | | inputs | address [*required*] | enum | Input from the request on which the condition should apply. Allowed enum values: `server.db.statement,server.io.fs.file,server.io.net.url,server.sys.shell.cmd,server.request.method,server.request.uri.raw,server.request.path_params,server.request.query,server.request.headers,server.request.headers.no_cookies` | | inputs | key_path | [string] | Specific path for the input. | | parameters | list | [string] | List of value to use with the condition. Only used with the phrase_match, !phrase_match, exact_match and !exact_match operator. | | parameters | options | object | Options for the operator of this condition. | | options | case_sensitive | boolean | Evaluate the value as case sensitive. | | options | min_length | int64 | Only evaluate this condition if the value has a minimum amount of characters. | | parameters | regex | string | Regex to use with the condition. Only used with match_regex and !match_regex operator. | | parameters | type | enum | The type of the value to compare against. Only used with the equals and !equals operator. Allowed enum values: `boolean,signed,unsigned,float,string` | | parameters | value | string | Store the captured value in the specified tag name. Only used with the capture_data operator. | | attributes | enabled [*required*] | boolean | Indicates whether the WAF custom rule is enabled. | | attributes | metadata | object | Metadata associated with the WAF Custom Rule. | | metadata | added_at | date-time | The date and time the WAF custom rule was created. | | metadata | added_by | string | The handle of the user who created the WAF custom rule. | | metadata | added_by_name | string | The name of the user who created the WAF custom rule. | | metadata | modified_at | date-time | The date and time the WAF custom rule was last updated. | | metadata | modified_by | string | The handle of the user who last updated the WAF custom rule. | | metadata | modified_by_name | string | The name of the user who last updated the WAF custom rule. | | attributes | name [*required*] | string | The name of the WAF custom rule. | | attributes | path_glob | string | The path glob for the WAF custom rule. | | attributes | scope | [object] | The scope of the WAF custom rule. | | scope | env [*required*] | string | The environment scope for the WAF custom rule. | | scope | service [*required*] | string | The service scope for the WAF custom rule. | | attributes | tags [*required*] | object | Tags associated with the WAF Custom Rule. The concatenation of category and type will form the security activity field associated with the traces. | | tags | category [*required*] | enum | The category of the WAF Rule, can be either `business_logic`, `attack_attempt` or `security_response`. Allowed enum values: `attack_attempt,business_logic,security_response` | | tags | type [*required*] | string | The type of the WAF rule, associated with the category will form the security activity. | | data | id | string | The ID of the custom rule. | | data | type | enum | The type of the resource. The value should always be `custom_rule`. Allowed enum values: `custom_rule` | {% /tab %} {% tab title="Example" %} ```json { "data": { "attributes": { "action": { "action": "block_request", "parameters": { "location": "/blocking", "status_code": 403 } }, "blocking": false, "conditions": [ { "operator": "match_regex", "parameters": { "data": "blocked_users", "inputs": [ { "address": "server.db.statement", "key_path": [] } ], "list": [], "options": { "case_sensitive": false, "min_length": "integer" }, "regex": "path.*", "type": "string", "value": "custom_tag" } } ], "enabled": false, "metadata": { "added_at": "2021-01-01T00:00:00Z", "added_by": "john.doe@datadoghq.com", "added_by_name": "John Doe", "modified_at": "2021-01-01T00:00:00Z", "modified_by": "john.doe@datadoghq.com", "modified_by_name": "John Doe" }, "name": "Block request from bad useragent", "path_glob": "/api/search/*", "scope": [ { "env": "prod", "service": "billing-service" } ], "tags": { "category": "business_logic", "type": "users.login.success" } }, "id": "2857c47d-1e3a-4300-8b2f-dc24089c084b", "type": "custom_rule" } } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \# Path parameters export custom_rule_id="3b5-v82-ns6" \# Curl command curl -X GET "https://api.datadoghq.com/api/v2/remote_config/products/asm/waf/custom_rules/${custom_rule_id}" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" ##### ```python """ Get a WAF custom rule returns "OK" response """ from datadog_api_client import ApiClient, Configuration from datadog_api_client.v2.api.application_security_api import ApplicationSecurityApi configuration = Configuration() with ApiClient(configuration) as api_client: api_instance = ApplicationSecurityApi(api_client) response = api_instance.get_application_security_waf_custom_rule( custom_rule_id="custom_rule_id", ) print(response) ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" python3 "example.py" ##### ```ruby # Get a WAF custom rule returns "OK" response require "datadog_api_client" api_instance = DatadogAPIClient::V2::ApplicationSecurityAPI.new p api_instance.get_application_security_waf_custom_rule("custom_rule_id") ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" rb "example.rb" ##### ```go // Get a WAF custom rule returns "OK" response package main import ( "context" "encoding/json" "fmt" "os" "github.com/DataDog/datadog-api-client-go/v2/api/datadog" "github.com/DataDog/datadog-api-client-go/v2/api/datadogV2" ) func main() { ctx := datadog.NewDefaultContext(context.Background()) configuration := datadog.NewConfiguration() apiClient := datadog.NewAPIClient(configuration) api := datadogV2.NewApplicationSecurityApi(apiClient) resp, r, err := api.GetApplicationSecurityWafCustomRule(ctx, "custom_rule_id") if err != nil { fmt.Fprintf(os.Stderr, "Error when calling `ApplicationSecurityApi.GetApplicationSecurityWafCustomRule`: %v\n", err) fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) } responseContent, _ := json.MarshalIndent(resp, "", " ") fmt.Fprintf(os.Stdout, "Response from `ApplicationSecurityApi.GetApplicationSecurityWafCustomRule`:\n%s\n", responseContent) } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" go run "main.go" ##### ```java // Get a WAF custom rule returns "OK" response import com.datadog.api.client.ApiClient; import com.datadog.api.client.ApiException; import com.datadog.api.client.v2.api.ApplicationSecurityApi; import com.datadog.api.client.v2.model.ApplicationSecurityWafCustomRuleResponse; public class Example { public static void main(String[] args) { ApiClient defaultClient = ApiClient.getDefaultApiClient(); ApplicationSecurityApi apiInstance = new ApplicationSecurityApi(defaultClient); try { ApplicationSecurityWafCustomRuleResponse result = apiInstance.getApplicationSecurityWafCustomRule("3b5-v82-ns6"); System.out.println(result); } catch (ApiException e) { System.err.println( "Exception when calling ApplicationSecurityApi#getApplicationSecurityWafCustomRule"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" java "Example.java" ##### ```rust // Get a WAF custom rule returns "OK" response use datadog_api_client::datadog; use datadog_api_client::datadogV2::api_application_security::ApplicationSecurityAPI; #[tokio::main] async fn main() { let configuration = datadog::Configuration::new(); let api = ApplicationSecurityAPI::with_config(configuration); let resp = api .get_application_security_waf_custom_rule("custom_rule_id".to_string()) .await; if let Ok(value) = resp { println!("{:#?}", value); } else { println!("{:#?}", resp.unwrap_err()); } } ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" cargo run ##### ```typescript /** * Get a WAF custom rule returns "OK" response */ import { client, v2 } from "@datadog/datadog-api-client"; const configuration = client.createConfiguration(); const apiInstance = new v2.ApplicationSecurityApi(configuration); const params: v2.ApplicationSecurityApiGetApplicationSecurityWafCustomRuleRequest = { customRuleId: "custom_rule_id", }; apiInstance .getApplicationSecurityWafCustomRule(params) .then((data: v2.ApplicationSecurityWafCustomRuleResponse) => { console.log( "API called successfully. Returned data: " + JSON.stringify(data) ); }) .catch((error: any) => console.error(error)); ``` #### Instructions First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands: DD_SITE="datadoghq.com" DD_API_KEY="" DD_APP_KEY="" tsc "example.ts" {% /tab %}