POST /accounts/{account_id}/gateway/rules

Name	Type	Required	Description
`account_id`	String	Yes

Name	Type	Required	Description
`Content-Type`	String	Yes	The media type of the request body. Default value: "application/json"

Name	Type	Required	Description
`filters[]`	Array	No	The protocol or layer to evaluate the traffic, identity, and device posture expressions.
`traffic`	String	No	The wirefilter expression used for traffic matching.
`expiration`	Object	No	The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's `schedule` configuration, if any. This does not apply to HTTP or network policies.
`expiration.expired`	Boolean	No	Whether the policy has expired.
`expiration.duration`	Integer	No	The default duration a policy will be active in minutes. Must be set in order to use the `reset_expiration` endpoint on this rule.
`expiration.expires_at`	String	Yes	The time stamp at which the policy will expire and cease to be applied. Must adhere to RFC 3339 and include a UTC offset. Non-zero offsets are accepted but will be converted to the equivalent value with offset zero (UTC+00:00) and will be returned as time stamps with offset zero denoted by a trailing 'Z'. Policies with an expiration do not consider the timezone of clients they are applied to, and expire "globally" at the point given by their `expires_at` value.
`name`	String	Yes	The name of the rule.
`action`	String	Yes	The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to `true`. Possible values: `"noscan"` `"block"` `"scan"` `"allow"` `"off"` `"resolve"` `"quarantine"` `"redirect"` `"on"` `"isolate"` `"noisolate"` `"override"` `"l4_override"` `"egress"` `"safesearch"` `"ytrestricted"`
`description`	String	No	The description of the rule.
`enabled`	Boolean	No	True if the rule is enabled. Default value: false
`schedule`	Object	No	The schedule for activating DNS policies. This does not apply to HTTP or network policies.
`schedule.mon`	String	No	The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.
`schedule.sun`	String	No	The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.
`schedule.time_zone`	String	No	The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.
`schedule.fri`	String	No	The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.
`schedule.thu`	String	No	The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.
`schedule.tue`	String	No	The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.
`schedule.sat`	String	No	The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.
`schedule.wed`	String	No	The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.
`identity`	String	No	The wirefilter expression used for identity matching.
`precedence`	Integer	No	Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
`device_posture`	String	No	The wirefilter expression used for device posture check matching.
`rule_settings`	Object	No	Additional settings that modify the rule's action.
`rule_settings.untrusted_cert`	Object	No	Configure behavior when an upstream cert is invalid or an SSL error occurs.
`rule_settings.untrusted_cert.action`	String	No	The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526. Possible values: `"block"` `"error"` `"pass_through"`
`rule_settings.block_page_enabled`	Boolean	No	Enable the custom block page. Default value: false
`rule_settings.insecure_disable_dnssec_validation`	Boolean	No	INSECURE - disable DNSSEC validation (for Allow actions). Default value: false
`rule_settings.resolve_dns_internally`	Object	No	Configure to forward the query to the internal DNS service, passing the specified 'view_id' as input. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_through_cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
`rule_settings.resolve_dns_internally.fallback`	String	No	The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries. Possible values: `"public_dns"` `"none"` Default value: "none"
`rule_settings.resolve_dns_internally.view_id`	String	No	The internal DNS view identifier that's passed to the internal DNS service.
`rule_settings.payload_log`	Object	No	Configure DLP payload logging.
`rule_settings.payload_log.enabled`	Boolean	No	Set to true to enable DLP payload logging for this rule. Default value: false
`rule_settings.resolve_dns_through_cloudflare`	Boolean	No	Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_internally' is set. Only valid when a rule's action is set to 'resolve'. Default value: false
`rule_settings.bypass_parent_rule`	Boolean	No	Set by children MSP accounts to bypass their parent's rules.
`rule_settings.egress`	Object	No	Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.
`rule_settings.egress.ipv4_fallback`	String	No	The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.
`rule_settings.egress.ipv4`	String	No	The IPv4 address to be used for egress.
`rule_settings.egress.ipv6`	String	No	The IPv6 range to be used for egress.
`rule_settings.ignore_cname_category_matches`	Boolean	No	Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response. Default value: false
`rule_settings.add_headers`	Object	No	Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
`rule_settings.override_ips[]`	Array	No	Override matching DNS queries with an IP or set of IPs.
`rule_settings.audit_ssh`	Object	No	Settings for the Audit SSH action.
`rule_settings.audit_ssh.command_logging`	Boolean	No	Enable to turn on SSH command logging. Default value: false
`rule_settings.override_host`	String	No	Override matching DNS queries with a hostname.
`rule_settings.block_page`	Object	No	Custom block page settings. If missing/null, blocking will use the the account settings.
`rule_settings.block_page.target_uri`	String	Yes	URI to which the user will be redirected
`rule_settings.block_page.include_context`	Boolean	No	If true, context information will be passed as query parameters Default value: false
`rule_settings.dns_resolvers`	Object	No	Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolve_dns_through_cloudflare' or 'resolve_dns_internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
`rule_settings.dns_resolvers.ipv4[]`	Array	No
`rule_settings.dns_resolvers.ipv4[].vnet_id`	String	No	Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.
`rule_settings.dns_resolvers.ipv4[].port`	Integer	No	A port number to use for upstream resolver. Defaults to 53 if unspecified.
`rule_settings.dns_resolvers.ipv4[].ip`	String	Yes	IPv4 address of upstream resolver.
`rule_settings.dns_resolvers.ipv4[].route_through_private_network`	Boolean	No	Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
`rule_settings.dns_resolvers.ipv6[]`	Array	No
`rule_settings.dns_resolvers.ipv6[].vnet_id`	String	No	Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.
`rule_settings.dns_resolvers.ipv6[].port`	Integer	No	A port number to use for upstream resolver. Defaults to 53 if unspecified.
`rule_settings.dns_resolvers.ipv6[].ip`	String	Yes	IPv6 address of upstream resolver.
`rule_settings.dns_resolvers.ipv6[].route_through_private_network`	Boolean	No	Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
`rule_settings.notification_settings`	Object	No	Configure a notification to display on the user's device when this rule is matched.
`rule_settings.notification_settings.msg`	String	No	Customize the message shown in the notification.
`rule_settings.notification_settings.include_context`	Boolean	No	If true, context information will be passed as query parameters
`rule_settings.notification_settings.support_url`	String	No	Optional URL to direct users to additional information. If not set, the notification will open a block page.
`rule_settings.notification_settings.enabled`	Boolean	No	Set notification on Default value: false
`rule_settings.check_session`	Object	No	Configure how session check behaves.
`rule_settings.check_session.enforce`	Boolean	No	Set to true to enable session enforcement. Default value: false
`rule_settings.check_session.duration`	String	No	Configure how fresh the session needs to be to be considered valid.
`rule_settings.biso_admin_controls`	Object	No	Configure how browser isolation behaves.
`rule_settings.biso_admin_controls.paste`	String	No	Configure whether pasting is enabled or not. When set with "remote_only", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when `version == "v2"`. Possible values: `"disabled"` `"remote_only"` `"enabled"`
`rule_settings.biso_admin_controls.dp`	Boolean	No	Set to false to enable printing. Only applies when `version == "v1"`. Default value: false
`rule_settings.biso_admin_controls.printing`	String	No	Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when `version == "v2"`. Possible values: `"disabled"` `"enabled"`
`rule_settings.biso_admin_controls.upload`	String	No	Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when `version == "v2"`. Possible values: `"disabled"` `"enabled"`
`rule_settings.biso_admin_controls.copy`	String	No	Configure whether copy is enabled or not. When set with "remote_only", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when `version == "v2"`. Possible values: `"disabled"` `"remote_only"` `"enabled"`
`rule_settings.biso_admin_controls.dd`	Boolean	No	Set to false to enable downloading. Only applies when `version == "v1"`. Default value: false
`rule_settings.biso_admin_controls.du`	Boolean	No	Set to false to enable uploading. Only applies when `version == "v1"`. Default value: false
`rule_settings.biso_admin_controls.dcp`	Boolean	No	Set to false to enable copy-pasting. Only applies when `version == "v1"`. Default value: false
`rule_settings.biso_admin_controls.download`	String	No	Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when `version == "v2"`. Possible values: `"disabled"` `"enabled"`
`rule_settings.biso_admin_controls.version`	String	No	Indicates which version of the browser isolation controls should apply. Possible values: `"v1"` `"v2"` Default value: "v1"
`rule_settings.biso_admin_controls.keyboard`	String	No	Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when `version == "v2"`. Possible values: `"disabled"` `"enabled"`
`rule_settings.biso_admin_controls.dk`	Boolean	No	Set to false to enable keyboard usage. Only applies when `version == "v1"`. Default value: false
`rule_settings.redirect`	Object	No	Settings that apply to redirect rules
`rule_settings.redirect.target_uri`	String	Yes	URI to which the user will be redirected
`rule_settings.redirect.include_context`	Boolean	No	If true, context information will be passed as query parameters Default value: false
`rule_settings.redirect.preserve_path_and_query`	Boolean	No	If true, the path and query parameters from the original request will be appended to target_uri Default value: false
`rule_settings.l4override`	Object	No	Send matching traffic to the supplied destination IP address and port.
`rule_settings.l4override.port`	Integer	No	A port number to use for TCP/UDP overrides.
`rule_settings.l4override.ip`	String	No	IPv4 or IPv6 address.
`rule_settings.ip_categories`	Boolean	No	Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names. Default value: false
`rule_settings.block_reason`	String	No	The text describing why this block occurred, displayed on the custom block page (if enabled).
`rule_settings.quarantine`	Object	No	Settings that apply to quarantine rules
`rule_settings.quarantine.file_types[]`	Array	No	Types of files to sandbox.
`rule_settings.allow_child_bypass`	Boolean	No	Set by parent MSP accounts to enable their children to bypass this rule.
`rule_settings.ip_indicator_feeds`	Boolean	No	Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names. Default value: false

Name

Type

Required

Description

filters[]

Array

No

The protocol or layer to evaluate the traffic, identity, and device posture expressions.

traffic

String

No

The wirefilter expression used for traffic matching.

expiration

Object

No

The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any.

This does not apply to HTTP or network policies.

expiration.expired

Boolean

No

Whether the policy has expired.

expiration.duration

Integer

No

The default duration a policy will be active in minutes. Must be set in order to use the reset_expiration endpoint on this rule.

expiration.expires_at

String

Yes

The time stamp at which the policy will expire and cease to be applied.

Must adhere to RFC 3339 and include a UTC offset. Non-zero offsets are accepted but will be converted to the equivalent value with offset zero (UTC+00:00) and will be returned as time stamps with offset zero denoted by a trailing 'Z'.

Policies with an expiration do not consider the timezone of clients they are applied to, and expire "globally" at the point given by their expires_at value.

name

String

Yes

The name of the rule.

action

String

Yes

The action to preform when the associated traffic, identity, and device posture expressions are either absent or evaluate to true.

Possible values:

"noscan"
"block"
"scan"
"allow"
"off"
"resolve"
"quarantine"
"redirect"
"on"
"isolate"
"noisolate"
"override"
"l4_override"
"egress"
"safesearch"
"ytrestricted"

description

String

No

The description of the rule.

enabled

Boolean

No

True if the rule is enabled.

Default value: false

schedule

Object

No

The schedule for activating DNS policies. This does not apply to HTTP or network policies.

schedule.mon

String

No

The time intervals when the rule will be active on Mondays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Mondays.

schedule.sun

String

No

The time intervals when the rule will be active on Sundays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Sundays.

schedule.time_zone

String

No

The time zone the rule will be evaluated against. If a valid time zone city name is provided, Gateway will always use the current time at that time zone. If this parameter is omitted, then Gateway will use the time zone inferred from the user's source IP to evaluate the rule. If Gateway cannot determine the time zone from the IP, we will fall back to the time zone of the user's connected data center.

schedule.fri

String

No

The time intervals when the rule will be active on Fridays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Fridays.

schedule.thu

String

No

The time intervals when the rule will be active on Thursdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Thursdays.

schedule.tue

String

No

The time intervals when the rule will be active on Tuesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Tuesdays.

schedule.sat

String

No

The time intervals when the rule will be active on Saturdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Saturdays.

schedule.wed

String

No

The time intervals when the rule will be active on Wednesdays, in increasing order from 00:00-24:00. If this parameter is omitted, the rule will be deactivated on Wednesdays.

identity

String

No

The wirefilter expression used for identity matching.

precedence

Integer

No

Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.

device_posture

String

No

The wirefilter expression used for device posture check matching.

rule_settings

Object

No

Additional settings that modify the rule's action.

rule_settings.untrusted_cert

Object

No

Configure behavior when an upstream cert is invalid or an SSL error occurs.

rule_settings.untrusted_cert.action

String

No

The action performed when an untrusted certificate is seen. The default action is an error with HTTP code 526.

Possible values:

"block"
"error"
"pass_through"

rule_settings.block_page_enabled

Boolean

No

Enable the custom block page.

Default value: false

rule_settings.insecure_disable_dnssec_validation

Boolean

No

INSECURE - disable DNSSEC validation (for Allow actions).

Default value: false

rule_settings.resolve_dns_internally

Object

No

Configure to forward the query to the internal DNS service, passing the specified 'view_id' as input. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_through_cloudflare' is set. Only valid when a rule's action is set to 'resolve'.

rule_settings.resolve_dns_internally.fallback

String

No

The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries.

Possible values:

"public_dns"
"none"

Default value: "none"

rule_settings.resolve_dns_internally.view_id

String

No

The internal DNS view identifier that's passed to the internal DNS service.

rule_settings.payload_log

Object

No

Configure DLP payload logging.

rule_settings.payload_log.enabled

Boolean

No

Set to true to enable DLP payload logging for this rule.

Default value: false

rule_settings.resolve_dns_through_cloudflare

Boolean

No

Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dns_resolvers' are specified or 'resolve_dns_internally' is set. Only valid when a rule's action is set to 'resolve'.

Default value: false

rule_settings.bypass_parent_rule

Boolean

No

Set by children MSP accounts to bypass their parent's rules.

rule_settings.egress

Object

No

Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.

rule_settings.egress.ipv4_fallback

String

No

The fallback IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egress via WARP IPs.

rule_settings.egress.ipv4

String

No

The IPv4 address to be used for egress.

rule_settings.egress.ipv6

String

No

The IPv6 range to be used for egress.

rule_settings.ignore_cname_category_matches

Boolean

No

Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.

Default value: false

rule_settings.add_headers

Object

No

Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).

rule_settings.override_ips[]

Array

No

Override matching DNS queries with an IP or set of IPs.

rule_settings.audit_ssh

Object

No

Settings for the Audit SSH action.

rule_settings.audit_ssh.command_logging

Boolean

No

Enable to turn on SSH command logging.

Default value: false

rule_settings.override_host

String

No

Override matching DNS queries with a hostname.

rule_settings.block_page

Object

No

Custom block page settings. If missing/null, blocking will use the the account settings.

rule_settings.block_page.target_uri

String

Yes

URI to which the user will be redirected

rule_settings.block_page.include_context

Boolean

No

If true, context information will be passed as query parameters

Default value: false

rule_settings.dns_resolvers

Object

No

Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolve_dns_through_cloudflare' or 'resolve_dns_internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.

rule_settings.dns_resolvers.ipv4[]

Array

No

rule_settings.dns_resolvers.ipv4[].vnet_id

String

No

Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

rule_settings.dns_resolvers.ipv4[].port

Integer

No

A port number to use for upstream resolver. Defaults to 53 if unspecified.

rule_settings.dns_resolvers.ipv4[].ip

String

Yes

IPv4 address of upstream resolver.

rule_settings.dns_resolvers.ipv4[].route_through_private_network

Boolean

No

Whether to connect to this resolver over a private network. Must be set when vnet_id is set.

rule_settings.dns_resolvers.ipv6[]

Array

No

rule_settings.dns_resolvers.ipv6[].vnet_id

String

No

Optionally specify a virtual network for this resolver. Uses default virtual network id if omitted.

rule_settings.dns_resolvers.ipv6[].port

Integer

No

A port number to use for upstream resolver. Defaults to 53 if unspecified.

rule_settings.dns_resolvers.ipv6[].ip

String

Yes

IPv6 address of upstream resolver.

rule_settings.dns_resolvers.ipv6[].route_through_private_network

Boolean

No

Whether to connect to this resolver over a private network. Must be set when vnet_id is set.

rule_settings.notification_settings

Object

No

Configure a notification to display on the user's device when this rule is matched.

rule_settings.notification_settings.msg

String

No

Customize the message shown in the notification.

rule_settings.notification_settings.include_context

Boolean

No

If true, context information will be passed as query parameters

rule_settings.notification_settings.support_url

String

No

Optional URL to direct users to additional information. If not set, the notification will open a block page.

rule_settings.notification_settings.enabled

Boolean

No

Set notification on

Default value: false

rule_settings.check_session

Object

No

Configure how session check behaves.

rule_settings.check_session.enforce

Boolean

No

Set to true to enable session enforcement.

Default value: false

rule_settings.check_session.duration

String

No

Configure how fresh the session needs to be to be considered valid.

rule_settings.biso_admin_controls

Object

No

Configure how browser isolation behaves.

rule_settings.biso_admin_controls.paste

String

No

Configure whether pasting is enabled or not. When set with "remote_only", pasting content from the user's local clipboard into isolated pages is disabled. When absent, paste is enabled. Only applies when version == "v2".

Possible values:

"disabled"
"remote_only"
"enabled"

rule_settings.biso_admin_controls.dp

Boolean

No

Set to false to enable printing. Only applies when version == "v1".

Default value: false

rule_settings.biso_admin_controls.printing

String

No

Configure whether printing is enabled or not. When absent, printing is enabled. Only applies when version == "v2".

Possible values:

"disabled"
"enabled"

rule_settings.biso_admin_controls.upload

String

No

Configure whether uploading is enabled or not. When absent, uploading is enabled. Only applies when version == "v2".

Possible values:

"disabled"
"enabled"

rule_settings.biso_admin_controls.copy

String

No

Configure whether copy is enabled or not. When set with "remote_only", copying isolated content from the remote browser to the user's local clipboard is disabled. When absent, copy is enabled. Only applies when version == "v2".

Possible values:

"disabled"
"remote_only"
"enabled"

rule_settings.biso_admin_controls.dd

Boolean

No

Set to false to enable downloading. Only applies when version == "v1".

Default value: false

rule_settings.biso_admin_controls.du

Boolean

No

Set to false to enable uploading. Only applies when version == "v1".

Default value: false

rule_settings.biso_admin_controls.dcp

Boolean

No

Set to false to enable copy-pasting. Only applies when version == "v1".

Default value: false

rule_settings.biso_admin_controls.download

String

No

Configure whether downloading enabled or not. When absent, downloading is enabled. Only applies when version == "v2".

Possible values:

"disabled"
"enabled"

rule_settings.biso_admin_controls.version

String

No

Indicates which version of the browser isolation controls should apply.

Possible values:

"v1"
"v2"

Default value: "v1"

rule_settings.biso_admin_controls.keyboard

String

No

Configure whether keyboard usage is enabled or not. When absent, keyboard usage is enabled. Only applies when version == "v2".

Possible values:

"disabled"
"enabled"

rule_settings.biso_admin_controls.dk

Boolean

No

Set to false to enable keyboard usage. Only applies when version == "v1".

Default value: false

rule_settings.redirect

Object

No

Settings that apply to redirect rules

rule_settings.redirect.target_uri

String

Yes

URI to which the user will be redirected

rule_settings.redirect.include_context

Boolean

No

If true, context information will be passed as query parameters

Default value: false

rule_settings.redirect.preserve_path_and_query

Boolean

No

If true, the path and query parameters from the original request will be appended to target_uri

Default value: false

rule_settings.l4override

Object

No

Send matching traffic to the supplied destination IP address and port.

rule_settings.l4override.port

Integer

No

A port number to use for TCP/UDP overrides.

rule_settings.l4override.ip

String

No

IPv4 or IPv6 address.

rule_settings.ip_categories

Boolean

No

Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.

Default value: false

rule_settings.block_reason

String

No

The text describing why this block occurred, displayed on the custom block page (if enabled).

rule_settings.quarantine

Object

No

Settings that apply to quarantine rules

rule_settings.quarantine.file_types[]

Array

No

Types of files to sandbox.

rule_settings.allow_child_bypass

Boolean

No

Set by parent MSP accounts to enable their children to bypass this rule.

rule_settings.ip_indicator_feeds

Boolean

No

Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.

Default value: false

Servers

Path parameters

Request headers

Request body fields

How to start integrating