You can now control Vercel’s Web Application Firewall (WAF) actions directly in , alongside existing support in the dashboard, API, and terraform.vercel.json This approach provides a structured way for both developers and agents to declaratively define and push rules to projects. Agents can use code-generating prompts to author new rules that are easily injected into the project’s vercel.json. The and matchers have also to support more expressive conditions across headers, rewrites, redirects, and routes.

Matching options include:hasmissingbeen enhanced The following example shows how to deny a request that is prefixed by a specific header: Read more about and .Vercel's WAFconfiguring WAF rules in vercel.json Read more String equality and inequality Regular expressions Prefixes and suffixes Inclusion and exclusion from string arrays Numeric comparisons