# Firewall Rules

{% hint style="info" %}
**Configures:**

* Which requests to record/mock?
  {% endhint %}

{% hint style="info" %}
Firewall rules are applied after [data rules](https://docs.stoobly.com/core-concepts/agent/proxy-settings/data-rules).
{% endhint %}

This section provides fine-grained configuration to control which requests are recorded, mocked or replayed. Rules are applied if a request URL matches the provided regex **pattern.**

## Rule Configuration

<figure><img src="https://3980092275-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MLvhXOE-py5MDUOXDKD%2Fuploads%2Fgit-blob-7162afacf01f1d927959149f88bfe1874273386f%2FScreen%20Shot%202023-04-12%20at%209.55.51%20AM.png?alt=media" alt=""><figcaption><p>Figure 1. Firewall rule</p></figcaption></figure>

## Rule Components

### Method

HTTP verb(s) the rule applies to such as GET, POST, DELETE, etc.

### Pattern

Pattern to match with the request URL to apply the rule to. This supports regular expressions.

### Action

Whether to include or exclude requests that match.

### Modes Applied To

Which agent mode to apply the firewall rule to such as mock, record and/or replay

## Example

For example, maybe you want to exclude recording requests that generate OAuth tokens. And let's assume that the endpoint is `POST https://internal.company.com/v1/token` . You can then create a rule with the following values:

* Method - `POST`
* Pattern - `https://internal.company.com/v1/token`
* Action - `Exclude`
* Modes Applied To - `Record`

##