WAF System Bypass Rules
WAF System Bypass Rules are available on Enterprise and Pro plans
While Vercel's system-level mitigations (such as DDoS protection) safeguard your websites and applications, it can happen that they block traffic from legitimate sources like proxies or shared networks in situations where traffic from these sources was identified as malicious.
You can ensure that specific IP addresses or CIDR ranges are never blocked by the Vercel Firewall's system mitigations with System Bypass Rules.
If you need to allow requests blocked by your own WAF Custom Rules, use another custom rule with a bypass action.
To add an IP address that should bypass system mitigations, open Firewall in the sidebar of your project and follow these steps:
- On the top right, click Add New and select System Bypass
- Complete the following fields in the Configure New System Bypass modal:
- IP Address Or CIDR (required)
- Domain (required): The domain connected to the project or use
*to specify all domains connected to a project - Note: For future reference
- Select the Create System Bypass button
You'll see a success message on the bottom right confirming that the rule was added.
System Bypass Rules have limits based on your account plan.
| Resource | Hobby | Pro | Enterprise |
|---|---|---|---|
| Number of system bypass rules per project | N/A | 25 | 100 |
Was this helpful?