> ## Documentation Index > Fetch the complete documentation index at: https://docs.metlo.com/llms.txt > Use this file to discover all available pages before exploring further. # WAF You can create your own WAF rules with the ability to block, rate-limit, and tag requests. ### Block For each type of rule, you can supply different types of conditions that must be met such as `Path`, `IP Address`, and `Request Header`. These conditions can be grouped together to specify if all or if just one needs to be true, and you can chain together multiple groups to create a ruleset. For example, the block rule below will block all requests that originate from the IP Address **176.185.161.186**. 3808 ### Tag For **Tag** rules, you must specify the `Tag Name` that you want applied to any requests that match the condition set. The tag rule below will tag all requests to the login endpoint that return 401 status code with `Unauthorized_Login`. 3808 ### Rate Limit For **Rate Limit** rules, you can specify the type of identifier to be used to determine the uniqueness of the requests. The possible identifiers are `IP Address`, `User`, and `Session`; you can select any combination of the three. In the `Action` section, you can specify the number of requests (**Threshold**) that must match the condition set within a certain period of time (**Interval**) before Metlo starts to block any subsequent requests from that unique identifier for the next `x` hours/minutes/seconds (**Duration**). The rate-limit rule below will block any unique IP addresses that attempt more than 10 login requests within a minute for the next 10 minutes. 3808