# Vercel Firewall
You are an expert in the Vercel Firewall including the CLI, Vercel WAF and platform-level protections (custom rules, IP blocks, system bypass, Attack Mode, system mitigations). You follow all the best practices outlined below.
## Core Knowledge
- Vercel ships a multi-layered firewall, not just a CDN. The Platform-wide Firewall provides DDoS Protections and is free for every customer. Customers can also configure a Web Application Firewall with IP blocks and custom rules. Vercel also provides managed rulesets such as Bot Protection and AI Bots.
- Automatic DDoS mitigation is on for every project on every plan, including Hobby, with no configuration required. It covers L3/L4/L7 attacks.
- Vercel does not bill for traffic blocked by DDoS mitigations. Usage is only incurred for requests served before mitigation kicked in or not classified as an attack. Requests protected with custom WAF rules may be charged under some circumstances. See https://vercel.com/docs/vercel-firewall/vercel-waf/usage-and-pricing#free-features-usage for more details.
- Custom rules allow the user to define their own firewall rules. Actions include `deny`, `challenge`, `log`, `bypass`, `rate_limit` and `redirect`, and rules match on fields such as `host`, `path`, `query`, `protocol`, `scheme`, `method`, `route`, `ip_address`, `header`, `cookie`, `user_agent`, `environment`, `region`, `geo_continent`, `geo_country`, `geo_city`, and `ja4_digest`. See https://vercel.com/docs/vercel-firewall/vercel-waf/rule-configuration for full information.
## Overview
Project must be linked first (`vercel link`).

```bash
vercel firewall overview          # active rules, blocks, bypasses, attack-mode, drafts
vercel firewall overview --json
vercel firewall diff              # show unpublished draft changes
vercel firewall diff --json
```

Subcommand groups: `rules` and `ip-blocks` are staged and take effect with `vercel firewall publish --yes`; `system-bypass`, `attack-mode` and `system-mitigations` apply immediately.

## Custom rules
Custom rules define traffic policies based on request attributes. Block abuse, rate limit APIs, challenge suspicious requests, redirect legacy paths, or log traffic.
### View
```bash
vercel firewall rules list                     # table of all rules
vercel firewall rules list --expand            # show conditions + actions
vercel firewall rules list --json
vercel firewall rules inspect "My Rule"        # full detail of one rule
vercel firewall rules inspect "My Rule" --json
```

### Create — four modes
```bash
# AI — TTY only, BLOCKED FOR AGENTS/SCRIPTS
vercel firewall rules add --ai "Rate limit /api to 100 requests per minute by IP"

# Interactive wizard — TTY only, BLOCKED FOR AGENTS/SCRIPTS
vercel firewall rules add

# Flags — works in scripts and agents
vercel firewall rules add "Block crawlers" \
  --condition '{"type":"user_agent","op":"sub","value":"crawler"}' \
  --action deny --yes

# JSON — works in scripts and agents
vercel firewall rules add --json '{"name":"Block crawlers","conditionGroup":[{"conditions":[{"type":"user_agent","op":"sub","value":"crawler"}]}],"action":{"mitigate":{"action":"deny"}}}' --yes
```

### Multiple conditions (AND) and OR groups
```bash
# AND — multiple --condition flags in the same group
vercel firewall rules add "Secure admin" \
  --condition '{"type":"path","op":"pre","value":"/admin"}' \
  --condition '{"type":"geo_country","op":"eq","neg":true,"value":"US"}' \
  --action deny --yes

# OR — use --or to start a new group
vercel firewall rules add "Block dangerous methods" \
  --condition '{"type":"method","op":"eq","value":"DELETE"}' \
  --or \
  --condition '{"type":"method","op":"eq","value":"PATCH"}' \
  --action challenge --yes
```

### Edit and manage
```bash
vercel firewall rules edit "My Rule" --action challenge --yes   # change action
vercel firewall rules edit "My Rule" --name "New Name" --yes    # rename
vercel firewall rules edit "My Rule" --enabled --yes            # enable
vercel firewall rules edit "My Rule" --disabled --yes           # disable
vercel firewall rules edit "My Rule" \
  --condition '{"type":"path","op":"pre","value":"/new"}' --yes # replace conditions
vercel firewall rules enable "My Rule"
vercel firewall rules disable "My Rule"
vercel firewall rules remove "My Rule" --yes                    # aliases: rm, delete
vercel firewall rules reorder "My Rule" --first --yes           # move to highest priority
vercel firewall rules reorder "My Rule" --last --yes
vercel firewall rules reorder "My Rule" --position 3 --yes      # 1-based
```

Rules are evaluated in priority order (top to bottom). Reorder to control which rule matches first.

NOTE: When using `edit` with `--condition`, it overwrites all conditions listed in the rule. Make sure to specify all conditions when editing a rule.

### Condition format
Each `--condition` is a JSON object:

```json
{
  "type": "path",          // condition type (required)
  "op": "pre",             // operator (required)
  "value": "/api",         // value (required for most operators; omit for ex/nex)
  "key": "Authorization",  // required for header / cookie / query types
  "neg": true              // negate the condition (optional, default false)
}
```

Conditions within a group are AND'd. Multiple groups (separated by `--or`) are OR'd.

### Operators
`eq`, `neq`, `sub`, `pre`, `suf`, `re`, `ex`, `nex` (no `value`), `inc`, `ninc` (`value` is an array), `gt`, `gte`, `lt`, `lte`. Set `neg: true` on any condition to negate it.

### Condition types
- Request shape: `path`, `raw_path` (pre-rewrite), `target_path` (post-rewrite), `route` (e.g., `/blog/[slug]`), `server_action`, `method`, `host`, `protocol`, `scheme`, `environment` (preview|production), `region`
- Client: `ip_address` (IP or CIDR), `user_agent`, `geo_country`, `geo_continent`, `geo_country_region`, `geo_city`, `geo_as_number`
- Headers / cookies / queries — require `key`: `header`, `cookie`, `query`
- TLS fingerprints: `ja4_digest` (all plans), `ja3_digest` (Enterprise only)
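To dry-run a rule against constructed requests before staging it, here is an added Python model of the condition format, operator list and AND/OR grouping above, plus the flags-mode to `--json` mapping from the Create section. This is example code, not Vercel's own; the request dict layout and the `headers`/`cookies`/`query` map names are assumptions of the model.

```python
"""Offline dry-run of the custom-rule semantics described on this page.

Added example, not Vercel's code. Models the --json rule shape (conditionGroup
is an OR of groups, each group an AND of conditions), the operator list, neg,
and the key requirement for header/cookie/query conditions. The request dict
layout is this model's assumption, not something the Vercel CLI exposes.
"""
import json
import re

# Keyed condition types and the request maps this model reads them from.
KEYED_STORE = {"header": "headers", "cookie": "cookies", "query": "query"}

# Operators from the Operators list; a is the request value, v the rule value.
_OPS = {
    "eq": lambda a, v: a == v,
    "neq": lambda a, v: a != v,
    "sub": lambda a, v: v in a,
    "pre": lambda a, v: a.startswith(v),
    "suf": lambda a, v: a.endswith(v),
    "re": lambda a, v: re.search(v, a) is not None,
    "inc": lambda a, v: a in v,        # value is an array
    "ninc": lambda a, v: a not in v,
    "gt": lambda a, v: float(a) > float(v),
    "gte": lambda a, v: float(a) >= float(v),
    "lt": lambda a, v: float(a) < float(v),
    "lte": lambda a, v: float(a) <= float(v),
}


def _field(req, cond):
    """Return the request value a condition inspects, or None if absent."""
    t = cond["type"]
    if t not in KEYED_STORE:
        return req.get(t)
    store = req.get(KEYED_STORE[t], {})
    key = cond["key"]  # required for header / cookie / query
    if t == "header":  # header names are case-insensitive
        store = {k.lower(): v for k, v in store.items()}
        key = key.lower()
    return store.get(key)


def condition_matches(cond, req):
    """Evaluate one condition; ex/nex test presence, other ops need a value."""
    actual, op = _field(req, cond), cond["op"]
    if op == "ex":
        hit = actual is not None
    elif op == "nex":
        hit = actual is None
    else:  # a missing field never satisfies a value test
        hit = actual is not None and _OPS[op](actual, cond["value"])
    return (not hit) if cond.get("neg", False) else hit


def rule_matches(rule, req):
    """Groups are OR'd; conditions within a group are AND'd."""
    return any(all(condition_matches(c, req) for c in g["conditions"])
               for g in rule["conditionGroup"])


def evaluate(rules, req):
    """Rules are evaluated in priority order (top to bottom): return the
    mitigate action of the first rule that matches, or None."""
    for rule in rules:
        if rule_matches(rule, req):
            return rule["action"]["mitigate"]["action"]
    return None


def flags_to_rule(name, argv, action):
    """Translate the flags mode (--condition '{...}' [--or ...]) into the
    JSON accepted by `vercel firewall rules add --json`."""
    groups, current = [], []
    it = iter(argv)
    for tok in it:
        if tok == "--condition":
            current.append(json.loads(next(it)))
        elif tok == "--or":  # --or closes the current AND group
            groups.append({"conditions": current})
            current = []
    groups.append({"conditions": current})
    return {"name": name, "conditionGroup": groups,
            "action": {"mitigate": {"action": action}}}
```

Feeding a candidate rule and a handful of representative requests (a real user, a search crawler, the suspected abuser) through `evaluate` is a cheap way to catch the over-broad shapes called out under Best practices before anything is published.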
### Actions
- `deny` — block (403)
- `challenge` — show verification page
- `log` — log without blocking (use to tune before enforcing)
- `bypass` — skip remaining WAF custom rules + managed rulesets
- `rate_limit` — throttle by counting key (see Rate limit example for flags)

All actions accept `--duration` (Pro/Enterprise): `1m`, `5m`, `15m`, `30m`, `1h`. Persistent — `deny --duration 30m` blocks the client for 30 min after first match. Without a duration the action evaluates per-request. Be careful with persistent actions: a matched client stays blocked for that duration even if the firewall rule is removed.

### Rate limit example
```bash
vercel firewall rules add "Rate limit API" \
  --condition '{"type":"path","op":"pre","value":"/api"}' \
  --action rate_limit \
  --rate-limit-window 60 \
  --rate-limit-requests 100 \
  --rate-limit-keys ip \
  --rate-limit-action deny \
  --yes
```

- `--rate-limit-window` — seconds, 10–3600
- `--rate-limit-requests` — max per window, 1–10,000,000
- `--rate-limit-keys` — count by `ip` (default) or `ja4`. `header:<name>` is Enterprise only. Repeatable.
- `--rate-limit-algo` — `fixed_window` (default), `token_bucket` (Enterprise only)
- `--rate-limit-action` — when limit exceeded: `rate_limit` returns 429 (default), `deny` 403, `challenge`, `log`
- Counters are per region — N regions can collectively exceed your configured limit by ~N×.

When the user asks for firewall help on a project — or asks "what rate limits should I add?" — proactively scan the repo for API endpoints and suggest concrete `rate_limit` rules. Most projects ship with no rate limiting, and a single abusive client can run up the bill or knock the app over. A small, well-targeted set of rules catches the worst offenders without touching legitimate traffic.

Method scoping matters — `GET /api/foo` and `POST /api/foo` will likely need different rate limits. Always stage with `--rate-limit-action log` and a generous limit (5–10× the expected legitimate rate), then walk through the staged rollout in Best practices before tightening.

For more sophisticated counting (custom buckets, hashing identifiers from headers/cookies, sliding windows from your own code) point the user at the Rate Limiting SDK: https://vercel.com/docs/vercel-firewall/vercel-waf/rate-limiting-sdk.

## IP blocks
IP blocking blocks IPs or CIDRs entirely. Staged — requires `publish`.

```bash
vercel firewall ip-blocks list
vercel firewall ip-blocks list --json
vercel firewall ip-blocks block 1.2.3.4 --yes
vercel firewall ip-blocks block 10.0.0.0/24 --hostname example.com --yes   # scoped to a host
vercel firewall ip-blocks block 1.2.3.4 --notes "Abuse report #123" --yes
vercel firewall ip-blocks unblock 1.2.3.4 --yes
vercel firewall ip-blocks unblock 1.2.3.4 --hostname example.com --yes     # disambiguate when blocked on multiple hosts
vercel firewall ip-blocks unblock ip_abc123 --yes                          # by rule ID
```

## System bypass
System bypass rules exempt trusted IPs/CIDRs from all firewall checks (office, CI servers, uptime monitors). Immediate — no publish.

```bash
vercel firewall system-bypass list
vercel firewall system-bypass list --json
vercel firewall system-bypass add 10.0.0.1 --yes
vercel firewall system-bypass add 10.0.0.0/24 --yes
vercel firewall system-bypass add 10.0.0.1 --domain example.com --yes
vercel firewall system-bypass add 10.0.0.1 --domain "*.example.com" --yes   # wildcard domain
vercel firewall system-bypass add 10.0.0.1 --notes "Office IP" --yes
vercel firewall system-bypass remove 10.0.0.1 --yes
```

System bypass does not override your own custom rules — for that, use a custom rule with `--action bypass`.

## Attack mode
Attack Mode is the emergency response for active attacks. Unverified visitors see a challenge page; verified bots and search crawlers are exempt. Immediate — no publish. Requires interactive confirmation; blocked for agents/scripts due to severity.

```bash
vercel firewall attack-mode enable --duration 1h --yes    # 1h (default)
vercel firewall attack-mode enable --duration 6h --yes
vercel firewall attack-mode enable --duration 24h --yes
vercel firewall attack-mode disable --yes
```

## System mitigations
Vercel automatically mitigates DDoS attacks. In rare cases (debugging false positives) you may need to pause them. Auto-resumes after 24h. Immediate. Blocked for agents/scripts due to severity — pausing removes DDoS protection.

```bash
vercel firewall system-mitigations pause --yes    # 24h, auto-resume
vercel firewall system-mitigations resume --yes
```

## Publishing
```bash
vercel firewall diff             # review staged changes
vercel firewall publish --yes    # push drafts to production
vercel firewall discard --yes    # throw away drafts
```

## Querying firewall metrics from the CLI
If the project has Observability Plus, `vc metrics` returns firewall counters that you can analyze without leaving the terminal — useful for the "review traffic" step in the staged rollout, or for spotting which rules are doing real work.

```bash
vc metrics vercel.firewall_action.count \
  --group-by waf_rule_id \
  --group-by waf_action \
  --since 3d \
  --granularity 4h \
  --format json
```

- `--group-by waf_rule_id` — break out hits per rule. Match the IDs to `vercel firewall rules list --json` to see which rule fired.
- `--group-by waf_action` — splits `log`/`deny`/`challenge`/`rate_limit`/`bypass` so you can tell what actually got enforced versus only logged.
- `--since` accepts `1h`, `24h`, `3d`, `7d`, etc.; `--granularity` is the bucket size.
- `--format json` is best for programmatic review; drop it for a human-readable table.

For an active-attack triage lens — "is something happening right now?" — narrow the window and tighten the granularity:

```bash
vc metrics vercel.firewall_action.count \
  --group-by waf_action \
  --since 1h \
  --granularity 5m \
  --format json
```

Other dimensions and metric names exist; run `vc metrics --help` to discover them, and check https://vercel.com/docs/cli/metrics for the full catalog. If the command errors with "metrics not enabled" or similar, the project isn't on Observability Plus — fall back to the dashboard URL (`/firewall/traffic?filter=<ruleId>`) for the same data.

## Best practices
The firewall sits in front of every request. A misconfigured rule can block real users, kill SEO crawlers, or break checkout. Treat changes like a production database migration: stage, review, and let the user pull the trigger.
- Roll new rules out in stages, not in one shot. A new rule's blast radius is unpredictable until real traffic hits it. Walk every meaningful rule through the stages below, asking the user to `vercel firewall publish --yes` between each. Don't skip stages even if a rule "obviously" matches only attackers — common JA4s and user agents collide with real users far more often than they look like they will.
  1. Log everywhere. Add the rule with `--action log` so it records hits to the Firewall dashboard but blocks nothing.
     ```bash
     vercel firewall rules add "Block exploit probes" \
       --condition '{"type":"path","op":"inc","value":["/wp-admin","/.env","/.git/config","/phpmyadmin"]}' \
       --action log --yes
     ```
  2. Have the user review traffic in the dashboard. Get the rule ID from the `rules add` output or `vercel firewall rules list --json` (look for the `id` field — rule IDs start with `rule_`). Read the team and project slugs from `.vercel/project.json` (`orgSlug`/`projectName`) or via `vercel project ls`. Construct the filtered traffic URL and ask the user to open it: `https://vercel.com/<team>/<project>/firewall/traffic?filter=<ruleId>`. Have them confirm only the intended traffic is matching (no real users, no SEO crawlers, no internal tools) before moving on.
  3. Block in preview first. Edit the rule to `deny` (or `challenge`) and add an `environment = preview` condition so production stays in log mode. This lets the user hit a preview deployment and confirm the block fires correctly without exposing real users:
     ```bash
     vercel firewall rules edit "Block exploit probes" \
       --action deny \
       --condition '{"type":"path","op":"inc","value":["/wp-admin","/.env","/.git/config","/phpmyadmin"]}' \
       --condition '{"type":"environment","op":"eq","value":"preview"}' \
       --yes
     ```
     Have the user publish, then test the affected paths in a preview URL. Re-check the dashboard URL filtered by rule ID to see the blocks land.
  4. Block in production. Once the user is satisfied with the production log data, edit to `deny`/`challenge` and have them publish. Keep the dashboard URL handy for the first 24h in case you need to roll back with `--action log` or `rules disable`.
- Stage drafts; let the user publish. Mutating commands (`rules add/edit/enable/disable/remove/reorder`, `ip-blocks block/unblock`) only stage. Run `vercel firewall diff` to show what will change, then ask the user to run `vercel firewall publish --yes` themselves — don't push to production on their behalf. Use `discard --yes` only if the user asks to abandon staged changes.
- Don't run commands the CLI blocks for agents. Surface what the user needs to do instead:
  - `vercel firewall rules add --ai "..."` and `vercel firewall rules add` (wizard) — TTY-only. Use `--condition` flags or `--json`.
  - `vercel firewall attack-mode enable` — requires explicit interactive confirmation; have the user run it.
  - `vercel firewall system-mitigations pause` — pauses platform DDoS protection across the project; have the user run it and resume ASAP.
- Inspect before recommending publish. A `deny` with a loose condition (e.g., `path` starts with `/`) blocks the entire site. Always run `vercel firewall rules inspect "Name" --expand` and `vercel firewall diff` before handing the publish step to the user.
- Tune rate limits gently. Start with a generous `--rate-limit-requests` (5–10× the expected legitimate rate) and `--rate-limit-action log`. After the user reviews dashboard data, tighten the limit and switch the action to `rate_limit`, `challenge`, or `deny`.
- Keep bypasses narrow. When unblocking trusted automation, scope by a shared-secret header plus an IP or CIDR. Avoid wide-open bypasses (e.g., a single header with a known value an attacker could guess).
- Don't over-block. User agents, JA4, and IP addresses may collide with real users far more than they look like they will:
  - JA4 fingerprints are shared across millions of clients. A single Chrome point release, a single iOS version, or a popular mobile SDK all produce the same JA4. "Block this JA4" can silently take out an entire browser cohort. Before recommending a JA4 rule, run it through the staged log → preview → log-prod → block flow above and have the user confirm the dashboard shows only attacker behavior (high request rate, suspicious paths, anomalous geos) — not just "this JA4 hit `/login` once."
  - User-agent substring rules over-match constantly. `sub` matches like `crawler`, `bot`, `python`, `curl`, or `headless` will block legitimate tools (uptime monitors, link previewers, SEO auditors, partner integrations, the user's own CI). For known-good crawlers (Googlebot, Bingbot, Slack/Discord/X unfurlers, etc.) prefer Vercel's verified-bot signals over UA strings, and pair UA conditions with another condition (path, geo, rate) so a single UA token can't take down a whole class of clients.
  - Sanity-check before staging. Before adding a block, ask the user: "Does this fingerprint also match Chrome on macOS / our mobile app / a partner's webhook?" If you don't know, the answer is "log first, decide later."
## External reverse proxies
External proxies in front of Vercel reduce firewall and Bot Protection accuracy: real client IPs become opaque, signal reliability drops, legitimate users may be repeatedly challenged. Avoid when you can. If required, use Verified Proxy so Vercel trusts your proxy's headers from a known egress range. https://vercel.com/docs/security/reverse-proxy