rules:
  - endpoint: "/list"

    # Regular expressions that forbid specific user agents.
    forbidden_user_agents:
      - 'python-requests.*'

    # Regular expressions that forbid specific header values.
    forbidden_headers:
      - 'Content-Type: text/html'

    required_headers:
      - "Content-Type"
      - "Content-Length"

    max_request_length_bytes: 20
    max_response_length_bytes: 50

    forbidden_response_codes: [201]

  - endpoint: "/login"

    # Regular expressions that ban specific requests.
    forbidden_request_re:
      - '.*(\.\./){3,}.*'

    # Regular expressions that ban specific responses.
    forbidden_response_re:
      - '.*admin.*'