The action to take when the access criteria are met for a rule. If unspecified, defaults to {@code ALLOW}.
- **ALLOW:** Takes no action, just logs the request.
- **DETECT:** Takes no action, but creates an alert for the request.
- **BLOCK:** Blocks the request by returning specified response code or showing error page.
- **BYPASS:** Bypasses some or all challenges.
- **REDIRECT:** Redirects the request to the specified URL. These fields are required when {@code REDIRECT} is selected: {@code redirectUrl}, {@code redirectResponseCode}.
- **SHOW_CAPTCHA:** Show a CAPTCHA Challenge page instead of the requested page.
Regardless of action, no further rules are processed once a rule is matched.
The method used to block requests if {@code action} is set to {@code BLOCK} and the access criteria are met. If unspecified, defaults to {@code SET_RESPONSE_CODE}.
The error code to show on the error page when {@code action} is set to {@code BLOCK}, {@code blockAction} is set to {@code SHOW_ERROR_PAGE}, and the access criteria are met. If unspecified, defaults to 'Access rules'.
The description text to show on the error page when {@code action} is set to {@code BLOCK}, {@code blockAction} is set to {@code SHOW_ERROR_PAGE}, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.'
The message to show on the error page when {@code action} is set to {@code BLOCK}, {@code blockAction} is set to {@code SHOW_ERROR_PAGE}, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.'
The response status code to return when {@code action} is set to {@code BLOCK}, {@code blockAction} is set to {@code SET_RESPONSE_CODE}, and the access criteria are met. If unspecified, defaults to {@code 403}. The list of available response codes: {@code 200}, {@code 201}, {@code 202}, {@code 204}, {@code 206}, {@code 300}, {@code 301}, {@code 302}, {@code 303}, {@code 304}, {@code 307}, {@code 400}, {@code 401}, {@code 403}, {@code 404}, {@code 405}, {@code 408}, {@code 409}, {@code 411}, {@code 412}, {@code 413}, {@code 414}, {@code 415}, {@code 416}, {@code 422}, {@code 444}, {@code 494}, {@code 495}, {@code 496}, {@code 497}, {@code 499}, {@code 500}, {@code 501}, {@code 502}, {@code 503}, {@code 504}, {@code 507}. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
The list of challenges to bypass when {@code action} is set to {@code BYPASS}. If unspecified or empty, all challenges are bypassed.
- **JS_CHALLENGE:** Bypasses JavaScript Challenge.
- **DEVICE_FINGERPRINT_CHALLENGE:** Bypasses Device Fingerprint Challenge.
- **HUMAN_INTERACTION_CHALLENGE:** Bypasses Human Interaction Challenge.
- **CAPTCHA:** Bypasses CAPTCHA Challenge.
The text to show in the footer when showing a CAPTCHA challenge when {@code action} is set to {@code SHOW_CAPTCHA} and the request is challenged.
The text to show in the header when showing a CAPTCHA challenge when {@code action} is set to {@code SHOW_CAPTCHA} and the request is challenged.
The text to show on the label of the CAPTCHA challenge submit button when {@code action} is set to {@code SHOW_CAPTCHA} and the request is challenged.
The title used when showing a CAPTCHA challenge when {@code action} is set to {@code SHOW_CAPTCHA} and the request is challenged.
The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.
The unique name of the access rule.
The response status code to return when {@code action} is set to {@code REDIRECT}.
- **MOVED_PERMANENTLY:** Used for designating the permanent movement of a page (numerical code - 301).
- **FOUND:** Used for designating the temporary movement of a page (numerical code - 302).
The target to which the request should be redirected, represented as a URI reference. Required when {@code action} is {@code REDIRECT}.
An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of {@code action} value.
A content access rule. An access rule specifies an action to take if a set of criteria is matched by a request.