Reorder Rules
Change the evaluation priority of rules. The first matching rule determines the action.
Endpoint
Reorders rule evaluation priority. Rules are evaluated in the order specified - the first rule that matches determines the action taken.
Authentication
Requires API Key with Policy Definition permission.
Request Body
Provide an array of rule UUIDs in the desired order (most important first):
Requirements: - Array must contain UUIDs only (no objects) - All active rules should be included - Order matters: first rule wins
Response
Returns 200 OK on successful reordering. The response body is typically empty or contains a success message.
Examples
Reorder Rules by Priority
Place most specific rules first, general rules last.
# Get current rule order
curl -X GET "https://your-shield-host:8080/api/rules" \
-H "Authorization: Bearer YOUR_API_KEY" | jq '[.items[] | .id]'
# Reorder (most important first)
curl -X POST "https://your-shield-host:8080/api/rules/ruleorder" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '["critical-rule-uuid", "standard-rule-uuid", "low-priority-uuid"]'
import requests
BASE_URL = "https://your-shield-host:8080"
HEADERS = {"Authorization": "Bearer YOUR_API_KEY"}
# Get current rules
response = requests.get(f"{BASE_URL}/api/rules", headers=HEADERS)
rule_ids = [rule["id"] for rule in response.json()["items"]]
print(f"Current order: {rule_ids}")
# Reorder (most important first)
new_order = ["critical-rule-uuid", "standard-rule-uuid", "low-priority-uuid"]
response = requests.post(
f"{BASE_URL}/api/rules/ruleorder",
headers=HEADERS,
json=new_order
)
print("Rules reordered successfully")
const axios = require('axios');
const BASE_URL = 'https://your-shield-host:8080';
const HEADERS = { 'Authorization': 'Bearer YOUR_API_KEY' };
// Get current rules
const response = await axios.get(`${BASE_URL}/api/rules`, { headers: HEADERS });
const ruleIds = response.data.items.map(rule => rule.id);
console.log(`Current order: ${ruleIds}`);
// Reorder (most important first)
const newOrder = ['critical-rule-uuid', 'standard-rule-uuid', 'low-priority-uuid'];
await axios.post(`${BASE_URL}/api/rules/ruleorder`, newOrder, { headers: HEADERS });
console.log('Rules reordered successfully');
Move Rule to Top Priority
Make a specific rule the first to be evaluated.
PRIORITY_RULE_ID="rule-to-prioritize-uuid"
# Get current rules and extract IDs (excluding the priority rule)
OTHER_RULES=$(curl -s -X GET "https://your-shield-host:8080/api/rules" \
-H "Authorization: Bearer YOUR_API_KEY" \
| jq -r --arg id "$PRIORITY_RULE_ID" '[.items[] | select(.id != $id) | .id] | join("\",\"")' | sed 's/^/[\"/; s/$/\"]/')
# Create new order with priority rule first
curl -X POST "https://your-shield-host:8080/api/rules/ruleorder" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d "[\"$PRIORITY_RULE_ID\",$OTHER_RULES]"
import requests
BASE_URL = "https://your-shield-host:8080"
HEADERS = {"Authorization": "Bearer YOUR_API_KEY"}
# Get current rules
response = requests.get(f"{BASE_URL}/api/rules", headers=HEADERS)
rules = response.json()["items"]
# Find the rule to prioritize
priority_rule_id = "rule-to-prioritize-uuid"
other_rules = [r["id"] for r in rules if r["id"] != priority_rule_id]
# Create new order with priority rule first
new_order = [priority_rule_id] + other_rules
requests.post(
f"{BASE_URL}/api/rules/ruleorder",
headers=HEADERS,
json=new_order
)
print(f"Rule {priority_rule_id} moved to top priority")
const axios = require('axios');
const BASE_URL = 'https://your-shield-host:8080';
const HEADERS = { 'Authorization': 'Bearer YOUR_API_KEY' };
// Get current rules
const response = await axios.get(`${BASE_URL}/api/rules`, { headers: HEADERS });
const rules = response.data.items;
// Find the rule to prioritize
const priorityRuleId = 'rule-to-prioritize-uuid';
const otherRules = rules.filter(r => r.id !== priorityRuleId).map(r => r.id);
// Create new order with priority rule first
const newOrder = [priorityRuleId, ...otherRules];
await axios.post(`${BASE_URL}/api/rules/ruleorder`, newOrder, { headers: HEADERS });
console.log(`Rule ${priorityRuleId} moved to top priority`);
Organize Rules by Action Type
Group rules by action: block first, then obfuscate, then detect.
# Get all rules and organize by action type
RULES=$(curl -s -X GET "https://your-shield-host:8080/api/rules" \
-H "Authorization: Bearer YOUR_API_KEY")
BLOCK_RULES=$(echo "$RULES" | jq -r '[.items[] | select(.action == "block") | .id]')
OBFUSCATE_RULES=$(echo "$RULES" | jq -r '[.items[] | select(.action == "obfuscate") | .id]')
DETECT_RULES=$(echo "$RULES" | jq -r '[.items[] | select(.action == "detect") | .id]')
# Combine in priority order
NEW_ORDER=$(jq -n --argjson b "$BLOCK_RULES" --argjson o "$OBFUSCATE_RULES" --argjson d "$DETECT_RULES" '$b + $o + $d')
# Apply new order
curl -X POST "https://your-shield-host:8080/api/rules/ruleorder" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d "$NEW_ORDER"
import requests
BASE_URL = "https://your-shield-host:8080"
HEADERS = {"Authorization": "Bearer YOUR_API_KEY"}
# Get all rules
response = requests.get(f"{BASE_URL}/api/rules", headers=HEADERS)
rules = response.json()["items"]
# Sort by action priority
block_rules = [r["id"] for r in rules if r["action"] == "block"]
obfuscate_rules = [r["id"] for r in rules if r["action"] == "obfuscate"]
detect_rules = [r["id"] for r in rules if r["action"] == "detect"]
# Combine in priority order
new_order = block_rules + obfuscate_rules + detect_rules
response = requests.post(
f"{BASE_URL}/api/rules/ruleorder",
headers=HEADERS,
json=new_order
)
print(f"Reordered {len(new_order)} rules by action type")
const axios = require('axios');
const BASE_URL = 'https://your-shield-host:8080';
const HEADERS = { 'Authorization': 'Bearer YOUR_API_KEY' };
// Get all rules
const response = await axios.get(`${BASE_URL}/api/rules`, { headers: HEADERS });
const rules = response.data.items;
// Sort by action priority
const blockRules = rules.filter(r => r.action === 'block').map(r => r.id);
const obfuscateRules = rules.filter(r => r.action === 'obfuscate').map(r => r.id);
const detectRules = rules.filter(r => r.action === 'detect').map(r => r.id);
// Combine in priority order
const newOrder = [...blockRules, ...obfuscateRules, ...detectRules];
await axios.post(`${BASE_URL}/api/rules/ruleorder`, newOrder, { headers: HEADERS });
console.log(`Reordered ${newOrder.length} rules by action type`);
Important Notes
Rule Evaluation Logic
Rules are evaluated in order until a match is found:
- Shield checks each rule in sequence
- The first matching rule determines the action
- Remaining rules are not evaluated
Example:
Order: [Block PII, Detect SSN, Obfuscate Credit Cards]
If traffic matches "Block PII" → blocked (other rules ignored)
If traffic doesn't match "Block PII" but matches "Detect SSN" → detected
If traffic matches neither → check "Obfuscate Credit Cards"
Best Practice Order
Recommended rule ordering strategy:
- Most specific blocking rules (e.g., "Block SSNs to external APIs")
- General blocking rules (e.g., "Block all PII to external services")
- Specific obfuscation rules (e.g., "Mask credit cards in logs")
- General obfuscation rules (e.g., "Mask all PII")
- Detection-only rules (e.g., "Detect all sensitive data")
Error Responses
| Status Code | Description |
|---|---|
400 |
Invalid request body (invalid UUIDs or missing rules) |
401 |
Invalid or expired API key |
403 |
Insufficient permissions (requires Policy Definition) |
Related Topics
- List Rules - View current rule order
- Create Rule - New rules are added at the end by default
- Get Rule - View individual rule details
- Rules Overview - Learn about rule evaluation logic