Configure Rules

Before you start

You can configure Tenant Access Control List (ACL) rules with the Auth0 Management API.

Create a rule

You can create a Tenant ACL rule with the Management API Create access control list endpoint.

Parameters

Parameter Data type Description
description string Describes the purpose or functionality of the rule.
active boolean Enables or disables the rule.
priority number Numerical value that determines the order in which the rule is evaluated. Lower values indicate higher priority.
rule object Contains the conditions and actions of the rule.
action object Contains the action the rule performs.
match object Defines the conditions that the incoming request must fulfill.
not_match object Defines the conditions that the incoming request must not fulfill.
scope string Service or context in which the rule is enforced.

Example

Here’s an example of a Tenant ACL rule that blocks all incoming traffic from the United States.

{
  "description": "Block all traffic from the United States",
  "active": true,
  "priority": 1,
  "rule": {
    "action": {
      "block": true
    },
    "match": {
      "geo_country_codes": ["US"]
    },
    "scope": "authentication"
  }
}


Enable monitoring mode for a rule

You can enable monitoring mode for a Tenant ACL rule with the Management API Update access control list endpoint.

Add the log property to the rule.action object and set its value to true.


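# Update Tenant ACL rule ACL_ID so that rule.action is { "log": true }, which is
# how this page enables monitoring mode for the rule.
# {yourDomain}, ACL_ID, MANAGEMENT_API_TOKEN and GEO_COUNTRY_CODE are placeholders.
# The bearer token authorizes Management API calls: keep a real token out of
# shell history and out of scripts committed to source control.
# The body must be valid JSON, so every key uses plain ASCII double quotes.
curl --request PUT \
  --url 'https://{yourDomain}/api/v2/network-acls/ACL_ID' \
  --header 'authorization: Bearer MANAGEMENT_API_TOKEN' \
  --header 'content-type: application/json' \
  --data '{
  "description": "Logging mode enabled",
  "active": true,
  "priority": 1,
  "rule": {
    "action": { "log": true },
    "match": { "geo_country_codes": ["GEO_COUNTRY_CODE"] },
    "scope": "tenant"
  }
}'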

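// Update Tenant ACL rule ACL_ID so that rule.action is { "log": true } (monitoring mode).
// {yourDomain}, ACL_ID, MANAGEMENT_API_TOKEN and GEO_COUNTRY_CODE are placeholders.
var client = new RestClient("https://{yourDomain}/api/v2/network-acls/ACL_ID");
var request = new RestRequest(Method.PUT);
request.AddHeader("content-type", "application/json");
// Management API bearer token: load it from configuration or a secret store
// instead of hard-coding it in source.
request.AddHeader("authorization", "Bearer MANAGEMENT_API_TOKEN");
// The body must be valid JSON, so every key is wrapped in plain ASCII double quotes.
request.AddParameter("application/json", "{\n  \"description\": \"Logging mode enabled\",\n  \"active\": true,\n  \"priority\": 1,\n  \"rule\": {\n    \"action\": { \"log\": true },\n    \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n    \"scope\": \"tenant\"\n  }\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);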

package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

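// main sends a PUT request that sets rule.action of Tenant ACL rule ACL_ID to
// { "log": true }, which this page describes as enabling monitoring mode, then
// prints the response and its body. Any error is printed and ends the program.
func main() {

	// {yourDomain} and ACL_ID are placeholders for the tenant domain and rule id.
	url := "https://{yourDomain}/api/v2/network-acls/ACL_ID"

	// The body must be valid JSON, so every key uses plain ASCII double quotes.
	payload := strings.NewReader("{\n  \"description\": \"Logging mode enabled\",\n  \"active\": true,\n  \"priority\": 1,\n  \"rule\": {\n    \"action\": { \"log\": true },\n    \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n    \"scope\": \"tenant\"\n  }\n}")

	req, err := http.NewRequest("PUT", url, payload)
	if err != nil {
		// req is nil here; setting headers on it would panic.
		fmt.Println(err)
		return
	}

	req.Header.Add("content-type", "application/json")
	// Management API bearer token: supply it from the environment or a secret
	// store rather than hard-coding it.
	req.Header.Add("authorization", "Bearer MANAGEMENT_API_TOKEN")

	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil on a transport error, so res.Body must not be touched.
		fmt.Println(err)
		return
	}
	defer res.Body.Close()

	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		fmt.Println(err)
		return
	}

	fmt.Println(res)
	fmt.Println(string(body))

}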

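// Update Tenant ACL rule ACL_ID so that rule.action is { "log": true } (monitoring mode).
// {yourDomain}, ACL_ID, MANAGEMENT_API_TOKEN and GEO_COUNTRY_CODE are placeholders.
// The bearer token authorizes Management API calls: read it from configuration or a
// secret store instead of hard-coding it.
// The body must be valid JSON, so every key is wrapped in plain ASCII double quotes.
HttpResponse<String> response = Unirest.put("https://{yourDomain}/api/v2/network-acls/ACL_ID")
  .header("content-type", "application/json")
  .header("authorization", "Bearer MANAGEMENT_API_TOKEN")
  .body("{\n  \"description\": \"Logging mode enabled\",\n  \"active\": true,\n  \"priority\": 1,\n  \"rule\": {\n    \"action\": { \"log\": true },\n    \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n    \"scope\": \"tenant\"\n  }\n}")
  .asString();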

var axios = require("axios").default;

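// Update Tenant ACL rule ACL_ID so that rule.action is { log: true } (monitoring mode).
// {yourDomain}, ACL_ID, MANAGEMENT_API_TOKEN and GEO_COUNTRY_CODE are placeholders.
var options = {
  method: 'PUT',
  url: 'https://{yourDomain}/api/v2/network-acls/ACL_ID',
  headers: {
    'content-type': 'application/json',
    // Management API bearer token: read it from the environment or a secret
    // store instead of hard-coding it.
    authorization: 'Bearer MANAGEMENT_API_TOKEN'
  },
  // Passed as an object so axios serializes it to valid JSON; a hand-written
  // string is easy to break with a stray typographic quote.
  data: {
    description: 'Logging mode enabled',
    active: true,
    priority: 1,
    rule: {
      action: { log: true },
      match: { geo_country_codes: ['GEO_COUNTRY_CODE'] },
      scope: 'tenant'
    }
  }
};

axios.request(options).then(function (response) {
  console.log(response.data);
}).catch(function (error) {
  // Log only the status and body (or the message). The full axios error object
  // carries the request config, including the authorization header.
  if (error.response) {
    console.error(error.response.status, error.response.data);
  } else {
    console.error(error.message);
  }
});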

#import <Foundation/Foundation.h>

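// Update Tenant ACL rule ACL_ID so that rule.action is { "log": true } (monitoring mode).
// {yourDomain}, ACL_ID, MANAGEMENT_API_TOKEN and GEO_COUNTRY_CODE are placeholders.
// The bearer token authorizes Management API calls: load it from the keychain or
// configuration instead of hard-coding it.
NSDictionary *headers = @{ @"content-type": @"application/json",
                           @"authorization": @"Bearer MANAGEMENT_API_TOKEN" };

// The JSON body as one string literal: inner quotes are escaped and every key
// uses plain ASCII double quotes, so the literal compiles and the JSON is valid.
NSString *jsonBody = @"{\n"
                     @"  \"description\": \"Logging mode enabled\",\n"
                     @"  \"active\": true,\n"
                     @"  \"priority\": 1,\n"
                     @"  \"rule\": {\n"
                     @"    \"action\": { \"log\": true },\n"
                     @"    \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n"
                     @"    \"scope\": \"tenant\"\n"
                     @"  }\n"
                     @"}";
NSData *postData = [jsonBody dataUsingEncoding:NSUTF8StringEncoding];

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/api/v2/network-acls/ACL_ID"]
                                                       cachePolicy:NSURLRequestUseProtocolCachePolicy
                                                   timeoutInterval:10.0];
[request setHTTPMethod:@"PUT"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];

NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
                                            completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                                if (error) {
                                                    // Transport-level failure; no HTTP response is available.
                                                    NSLog(@"%@", error);
                                                } else {
                                                    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
                                                    NSLog(@"%@", httpResponse);
                                                }
                                            }];
// The task is created suspended; resume starts the request.
[dataTask resume];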

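// Update Tenant ACL rule ACL_ID so that rule.action is { "log": true } (monitoring mode).
// {yourDomain}, ACL_ID, MANAGEMENT_API_TOKEN and GEO_COUNTRY_CODE are placeholders.
$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://{yourDomain}/api/v2/network-acls/ACL_ID",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "PUT",
  // The body must be valid JSON, so every key uses plain ASCII double quotes.
  CURLOPT_POSTFIELDS => "{\n  \"description\": \"Logging mode enabled\",\n  \"active\": true,\n  \"priority\": 1,\n  \"rule\": {\n    \"action\": { \"log\": true },\n    \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n    \"scope\": \"tenant\"\n  }\n}",
  CURLOPT_HTTPHEADER => [
    // Management API bearer token: read it from the environment or a secret
    // store instead of hard-coding it.
    "authorization: Bearer MANAGEMENT_API_TOKEN",
    "content-type: application/json"
  ],
]);

$response = curl_exec($curl);
// Read the transport error before the handle is closed.
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}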

import http.client

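# Update Tenant ACL rule ACL_ID so that rule.action is { "log": true } (monitoring mode).
# {yourDomain}, ACL_ID, MANAGEMENT_API_TOKEN and GEO_COUNTRY_CODE are placeholders.

# HTTPSConnection takes the host name only; the path is given to request() below.
conn = http.client.HTTPSConnection("{yourDomain}")

# The body must be valid JSON, so every key uses plain ASCII double quotes.
payload = "{\n  \"description\": \"Logging mode enabled\",\n  \"active\": true,\n  \"priority\": 1,\n  \"rule\": {\n    \"action\": { \"log\": true },\n    \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n    \"scope\": \"tenant\"\n  }\n}"

headers = {
    'content-type': "application/json",
    # Management API bearer token: read it from the environment or a secret
    # store instead of hard-coding it.
    'authorization': "Bearer MANAGEMENT_API_TOKEN"
    }

conn.request("PUT", "/api/v2/network-acls/ACL_ID", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))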

require 'uri'
require 'net/http'
require 'openssl'

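# Update Tenant ACL rule ACL_ID so that rule.action is { "log": true } (monitoring mode).
# {yourDomain}, ACL_ID, MANAGEMENT_API_TOKEN and GEO_COUNTRY_CODE are placeholders.
url = URI("https://{yourDomain}/api/v2/network-acls/ACL_ID")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate. The request carries a Management API bearer
# token, so it must only be sent over a connection whose peer has been
# authenticated; VERIFY_NONE would skip that check.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Put.new(url)
request["content-type"] = 'application/json'
# Read the token from the environment or a secret store instead of hard-coding it.
request["authorization"] = 'Bearer MANAGEMENT_API_TOKEN'
# The body must be valid JSON, so every key uses plain ASCII double quotes.
request.body = "{\n  \"description\": \"Logging mode enabled\",\n  \"active\": true,\n  \"priority\": 1,\n  \"rule\": {\n    \"action\": { \"log\": true },\n    \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n    \"scope\": \"tenant\"\n  }\n}"

response = http.request(request)
puts response.read_body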

import Foundation

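// Update Tenant ACL rule ACL_ID so that rule.action is { "log": true } (monitoring mode).
// {yourDomain}, ACL_ID, MANAGEMENT_API_TOKEN and GEO_COUNTRY_CODE are placeholders.
// The bearer token authorizes Management API calls: load it from the keychain or
// configuration instead of hard-coding it.
let headers = [
  "content-type": "application/json",
  "authorization": "Bearer MANAGEMENT_API_TOKEN"
]

// The JSON body as one string literal: inner quotes are escaped and every key
// uses plain ASCII double quotes, so the literal compiles and the JSON is valid.
let jsonBody = "{\n  \"description\": \"Logging mode enabled\",\n  \"active\": true,\n  \"priority\": 1,\n  \"rule\": {\n    \"action\": { \"log\": true },\n    \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n    \"scope\": \"tenant\"\n  }\n}"
let postData = NSData(data: jsonBody.data(using: String.Encoding.utf8)!)

let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/api/v2/network-acls/ACL_ID")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "PUT"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if let error = error {
    // Transport-level failure; no HTTP response is available.
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse as Any)
  }
})

// The task is created suspended; resume() starts the request.
dataTask.resume()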
