> ## Documentation Index > Fetch the complete documentation index at: https://docs.bunny.net/llms.txt > Use this file to discover all available pages before exploring further. # Retrieve custom WAF rules configured for the specified Shield Zone ## OpenAPI ````yaml https://api.bunny.net/shield/docs/v1/swagger.json get /shield/waf/custom-rules/{shieldZoneId} openapi: 3.0.4 info: title: Bunny Shield API description: >- Bunny.net API for Bunny Shield (WAF, DDoS, Rate Limiting, Bot Detection, Access Lists & API Guardian). version: v1 servers: - url: https://api.bunny.net security: [] paths: /shield/waf/custom-rules/{shieldZoneId}: get: tags: - WAF summary: Retrieve custom WAF rules configured for the specified Shield Zone operationId: Get Custom WAF Rules parameters: - name: shieldZoneId in: path description: The ID of the Shield Zone associated with the Custom WAF Rules. required: true schema: type: integer description: The ID of the Shield Zone associated with the Custom WAF Rules. format: int64 - name: page in: query description: (Optional) The page number of results. schema: type: integer description: (Optional) The page number of results. format: int32 default: 1 - name: perPage in: query description: '(Optional) (Default: 10) The amount of results returned on one page.' schema: type: integer description: >- (Optional) (Default: 10) The amount of results returned on one page. format: int32 default: 10 responses: '200': description: OK content: text/plain: schema: $ref: '#/components/schemas/GetCustomWafRulesResponse' application/json: schema: $ref: '#/components/schemas/GetCustomWafRulesResponse' text/json: schema: $ref: '#/components/schemas/GetCustomWafRulesResponse' '401': description: Unauthorized content: text/plain: schema: $ref: '#/components/schemas/UnauthorizedResult' application/json: schema: $ref: '#/components/schemas/UnauthorizedResult' text/json: schema: $ref: '#/components/schemas/UnauthorizedResult' '500': description: Internal Server Error components: schemas: GetCustomWafRulesResponse: type: object properties: data: type: array items: $ref: '#/components/schemas/CustomWafRule' nullable: true page: $ref: '#/components/schemas/PaginationResponse' error: $ref: '#/components/schemas/GenericRequestResponse' additionalProperties: false UnauthorizedResult: type: object properties: statusCode: type: integer format: int32 additionalProperties: false CustomWafRule: type: object properties: id: type: integer format: int64 shieldZoneId: type: integer format: int64 userId: type: string nullable: true ruleName: type: string nullable: true ruleDescription: type: string nullable: true ruleJson: type: string nullable: true ruleConfiguration: $ref: '#/components/schemas/CreateCustomWafRuleModel' errorResponse: $ref: '#/components/schemas/GenericRequestResponse' additionalProperties: false PaginationResponse: type: object properties: totalCount: type: integer format: int32 totalPages: type: integer format: int32 currentPage: type: integer format: int32 nextPage: type: integer format: int32 nullable: true pageSize: type: integer format: int32 additionalProperties: false GenericRequestResponse: type: object properties: statusCode: $ref: '#/components/schemas/HttpStatusCode' success: type: boolean description: Indicates whether the operation was successful. message: type: string description: Human-readable message describing the result of the operation. nullable: true errorKey: type: string description: Unique error key for programmatic error handling, if applicable. nullable: true additionalProperties: false description: >- Generic response object containing status information for API operations. CreateCustomWafRuleModel: type: object properties: actionType: $ref: '#/components/schemas/WafRuleActionType' variableTypes: type: object properties: REQUEST_URI: type: string REQUEST_URI_RAW: type: string ARGS: type: string ARGS_COMBINED_SIZE: type: string ARGS_GET: type: string ARGS_GET_NAMES: type: string ARGS_POST: type: string ARGS_POST_NAMES: type: string FILES_NAMES: type: string GEO: type: string REMOTE_ADDR: type: string QUERY_STRING: type: string REQUEST_BASENAME: type: string REQUEST_BODY: type: string REQUEST_COOKIES_NAMES: type: string REQUEST_COOKIES: type: string REQUEST_FILENAME: type: string REQUEST_HEADERS_NAMES: type: string REQUEST_HEADERS: type: string REQUEST_LINE: type: string REQUEST_METHOD: type: string REQUEST_PROTOCOL: type: string RESPONSE_BODY: type: string RESPONSE_HEADERS: type: string RESPONSE_STATUS: type: string FINGERPRINT: type: string VERIFIED_BOT_CATEGORY: type: string additionalProperties: false nullable: true operatorType: $ref: '#/components/schemas/WafRuleOperatorType' severityType: $ref: '#/components/schemas/WafRuleSeverityType' transformationTypes: type: array items: $ref: '#/components/schemas/WafRuleTransformationType' nullable: true value: type: string nullable: true chainedRuleConditions: type: array items: $ref: '#/components/schemas/WafChainedRuleConditionItem' nullable: true additionalProperties: false HttpStatusCode: enum: - 100 - 101 - 102 - 103 - 200 - 201 - 202 - 203 - 204 - 205 - 206 - 207 - 208 - 226 - 300 - 301 - 302 - 303 - 304 - 305 - 306 - 307 - 308 - 400 - 401 - 402 - 403 - 404 - 405 - 406 - 407 - 408 - 409 - 410 - 411 - 412 - 413 - 414 - 415 - 416 - 417 - 421 - 422 - 423 - 424 - 426 - 428 - 429 - 431 - 451 - 500 - 501 - 502 - 503 - 504 - 505 - 506 - 507 - 508 - 510 - 511 type: integer description: |- 100 = Continue 101 = SwitchingProtocols 102 = Processing 103 = EarlyHints 200 = OK 201 = Created 202 = Accepted 203 = NonAuthoritativeInformation 204 = NoContent 205 = ResetContent 206 = PartialContent 207 = MultiStatus 208 = AlreadyReported 226 = IMUsed 300 = MultipleChoices 300 = Ambiguous 301 = MovedPermanently 301 = Moved 302 = Found 302 = Redirect 303 = SeeOther 303 = RedirectMethod 304 = NotModified 305 = UseProxy 306 = Unused 307 = TemporaryRedirect 307 = RedirectKeepVerb 308 = PermanentRedirect 400 = BadRequest 401 = Unauthorized 402 = PaymentRequired 403 = Forbidden 404 = NotFound 405 = MethodNotAllowed 406 = NotAcceptable 407 = ProxyAuthenticationRequired 408 = RequestTimeout 409 = Conflict 410 = Gone 411 = LengthRequired 412 = PreconditionFailed 413 = RequestEntityTooLarge 414 = RequestUriTooLong 415 = UnsupportedMediaType 416 = RequestedRangeNotSatisfiable 417 = ExpectationFailed 421 = MisdirectedRequest 422 = UnprocessableEntity 422 = UnprocessableContent 423 = Locked 424 = FailedDependency 426 = UpgradeRequired 428 = PreconditionRequired 429 = TooManyRequests 431 = RequestHeaderFieldsTooLarge 451 = UnavailableForLegalReasons 500 = InternalServerError 501 = NotImplemented 502 = BadGateway 503 = ServiceUnavailable 504 = GatewayTimeout 505 = HttpVersionNotSupported 506 = VariantAlsoNegotiates 507 = InsufficientStorage 508 = LoopDetected 510 = NotExtended 511 = NetworkAuthenticationRequired format: int32 x-enum-varnames: - Continue - SwitchingProtocols - Processing - EarlyHints - OK - Created - Accepted - NonAuthoritativeInformation - NoContent - ResetContent - PartialContent - MultiStatus - AlreadyReported - IMUsed - MultipleChoices - Ambiguous - MovedPermanently - Moved - Found - Redirect - SeeOther - RedirectMethod - NotModified - UseProxy - Unused - TemporaryRedirect - RedirectKeepVerb - PermanentRedirect - BadRequest - Unauthorized - PaymentRequired - Forbidden - NotFound - MethodNotAllowed - NotAcceptable - ProxyAuthenticationRequired - RequestTimeout - Conflict - Gone - LengthRequired - PreconditionFailed - RequestEntityTooLarge - RequestUriTooLong - UnsupportedMediaType - RequestedRangeNotSatisfiable - ExpectationFailed - MisdirectedRequest - UnprocessableEntity - UnprocessableContent - Locked - FailedDependency - UpgradeRequired - PreconditionRequired - TooManyRequests - RequestHeaderFieldsTooLarge - UnavailableForLegalReasons - InternalServerError - NotImplemented - BadGateway - ServiceUnavailable - GatewayTimeout - HttpVersionNotSupported - VariantAlsoNegotiates - InsufficientStorage - LoopDetected - NotExtended - NetworkAuthenticationRequired WafRuleActionType: enum: - 1 - 2 - 3 - 4 - 5 type: integer description: |- 1 = Block 2 = Log 3 = Challenge 4 = Allow 5 = Bypass format: int32 x-enum-varnames: - Block - Log - Challenge - Allow - Bypass WafRuleOperatorType: enum: - 0 - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 12 - 14 - 15 - 17 - 18 type: integer description: |- 0 = BEGINSWITH 1 = ENDSWITH 2 = CONTAINS 3 = CONTAINSWORD 4 = STRMATCH 5 = EQ 6 = GE 7 = GT 8 = LE 9 = LT 12 = WITHIN 14 = RX 15 = STREQ 17 = DETECTSQLI 18 = DETECTXSS format: int32 x-enum-varnames: - BEGINSWITH - ENDSWITH - CONTAINS - CONTAINSWORD - STRMATCH - EQ - GE - GT - LE - LT - WITHIN - RX - STREQ - DETECTSQLI - DETECTXSS WafRuleSeverityType: enum: - 0 - 1 - 2 type: integer description: |- 0 = NOTICE 1 = WARNING 2 = CRITICAL format: int32 x-enum-varnames: - NOTICE - WARNING - CRITICAL WafRuleTransformationType: enum: - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 - 21 type: integer description: |- 1 = CMDLINE 2 = COMPRESSWHITESPACE 3 = CSSDECODE 4 = HEXENCODE 5 = HTMLENTITYDECODE 6 = JSDECODE 7 = LENGTH 8 = LOWERCASE 9 = MD5 10 = NORMALIZEPATH 11 = NORMALISEPATH 12 = NORMALIZEPATHWIN 13 = NORMALISEPATHWIN 14 = REMOVECOMMENTS 15 = REMOVENULLS 16 = REMOVEWHITESPACE 17 = REPLACECOMMENTS 18 = SHA1 19 = URLDECODE 20 = URLDECODEUNI 21 = UTF8TOUNICODE format: int32 x-enum-varnames: - CMDLINE - COMPRESSWHITESPACE - CSSDECODE - HEXENCODE - HTMLENTITYDECODE - JSDECODE - LENGTH - LOWERCASE - MD5 - NORMALIZEPATH - NORMALISEPATH - NORMALIZEPATHWIN - NORMALISEPATHWIN - REMOVECOMMENTS - REMOVENULLS - REMOVEWHITESPACE - REPLACECOMMENTS - SHA1 - URLDECODE - URLDECODEUNI - UTF8TOUNICODE WafChainedRuleConditionItem: type: object properties: variableTypes: type: object properties: REQUEST_URI: type: string REQUEST_URI_RAW: type: string ARGS: type: string ARGS_COMBINED_SIZE: type: string ARGS_GET: type: string ARGS_GET_NAMES: type: string ARGS_POST: type: string ARGS_POST_NAMES: type: string FILES_NAMES: type: string GEO: type: string REMOTE_ADDR: type: string QUERY_STRING: type: string REQUEST_BASENAME: type: string REQUEST_BODY: type: string REQUEST_COOKIES_NAMES: type: string REQUEST_COOKIES: type: string REQUEST_FILENAME: type: string REQUEST_HEADERS_NAMES: type: string REQUEST_HEADERS: type: string REQUEST_LINE: type: string REQUEST_METHOD: type: string REQUEST_PROTOCOL: type: string RESPONSE_BODY: type: string RESPONSE_HEADERS: type: string RESPONSE_STATUS: type: string FINGERPRINT: type: string VERIFIED_BOT_CATEGORY: type: string additionalProperties: false nullable: true operatorType: $ref: '#/components/schemas/WafRuleOperatorType' value: type: string nullable: true additionalProperties: false ````