[Yandex Cloud documentation](../../index.md) > [Yandex Smart Web Security](../index.md) > [Step-by-step guides](index.md) > ARL profiles > Editing a rule

# Editing a rule in an ARL profile

You can edit ARL rules only in an [ARL](../concepts/arl.md) profile. Basic [rules](../concepts/rules.md), as well as Smart Protection and WAF rules, are [edited in a security profile](rule-update.md).

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), select the [folder](../../resource-manager/concepts/resources-hierarchy.md#folder) with the ARL profile.
  1. Navigate to **Smart Web Security**.
  1. In the left-hand panel, select ![image](../../_assets/smartwebsecurity/arl.svg) **ARL profiles**.
  1. Select the profile to update a rule in.
  1. Next to the rule in question, click ![options](../../_assets/console-icons/ellipsis.svg) and select **Edit**. In the window that opens:
      1. Edit the basic rule settings:
          * **Name**.
          * **Description**.
          * Rule **priority**. The smaller the value, the higher is the rule priority.
          * Dry run (logging without request blocking) settings.

      1. Under **Conditions for traffic**, specify the traffic the rule will apply to:
         * `All traffic`: The rule will be used to analyze the whole traffic.
         * `On condition`: The rule will be used to analyze the traffic specified in the **Conditions** field:
             * `IP`: IP address, IP address range, IP address region, or [address list](../concepts/lists.md).
             * `HTTP header`: HTTP header string.
             * `Request URI`: Request path.
             * `Host`: Domain receiving the request.
             * `HTTP method`: Request method.
             * `Cookie`: Cookie header string.
             * `Bot name`: Names of legitimate bots owned by various companies and services.
             * `Bot category`: Verified bot categories based on their purpose or nature of action.
             * `Verified bot`: Filtering based on whether the bot is verified (`yes` or `no`).
             * `Bot score`: Filtering based on request bot score, from `0` (the lowest, represents a human) to `100` (the highest, represents a bot).
             * `FingerPrint`: SSL/TLS connection [fingerprint](../concepts/botes.md#fingerprint).
         
             You can set multiple conditions by selecting all the condition types you need in the **Conditions** field.
         
             You can also set multiple conditions of the same type by clicking ![plus-sign](../../_assets/console-icons/plus.svg) **and** or ![plus-sign](../../_assets/console-icons/plus.svg) **or** in the section with the condition you need.
         
             To delete a condition, click ![options](../../_assets/console-icons/trash-bin.svg).

      1. Change the request counting method and grouping properties:

          * `No grouping`: To count each request individually.
          * `Grouping by property`: To count request groups sharing one or more common properties.
          
              * Select a grouping property:
          
                  Automatic grouping | Grouping by key
                  ---|---
                  `Request path`: Request path. | `HTTP cookie`: Cookie header string.
                  `HTTP method`: Request method. | `HTTP header`: HTTP header string.
                  `IP address`: Source IP address of the request. | `Query params`: String in the request parameters.
                  `Region`: IP address region of the requests. |
                  `Host`: Domain receiving the request. |
          
                  To group by key, specify the key value.
          
              * Optionally, enable `Case-sensitive` to put properties with the same values in different cases into different groups.
          
          Specify a request limit or request limit per group, as well as a time interval (`1 second` to `60 minutes`) for the limit. All requests above the limit will get blocked.

      1. Under **When request limit is exceeded**, select one of the following actions:
         
         * **Block requests exceeding the limit** (available without request grouping): Blocks all incoming requests during the period specified in the limit.
         * **Temporarily block all requests** (available with request grouping) and specify the block period.
         * **Show captcha for requests exceeding the limit**: Forward all incoming requests during the period specified in the limit to captcha. You can configure captcha in the [security profile](profile-create.md) the ARL profile is connected to.
      
      1. Select or [create](template-create.md) a response template that will be returned to the client whenever a rule triggers. The standard Yandex Cloud template is used by default.
      1. Click **Save rule**.

- Terraform {#tf}

  With [Terraform](https://www.terraform.io/), you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
  
  Terraform is distributed under the [Business Source License](https://github.com/hashicorp/terraform/blob/main/LICENSE). The [Yandex Cloud provider for Terraform](https://github.com/yandex-cloud/terraform-provider-yandex) is distributed under the [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) license.
  
  For more information about the provider resources, see the guides on the [Terraform](https://www.terraform.io/docs/providers/yandex/index.html) website or [its mirror](../../terraform/index.md).

  If you do not have Terraform yet, [install it and configure the Yandex Cloud provider](../../tutorials/infrastructure-management/terraform-quickstart.md#install-terraform).
  
  
  To manage infrastructure using Terraform under a service account or user accounts (a Yandex account, a federated account, or a local user), [authenticate](../../terraform/authentication.md) using the appropriate method.

  To edit a rule in an ARL profile:

  1. Open the Terraform configuration file and edit the `advanced_rate_limiter_rule` section in the `yandex_sws_advanced_rate_limiter_profile` description.

      ```hcl
      # ARL profile

      resource "yandex_sws_advanced_rate_limiter_profile" "arl-profile" {
        name        = "<profile_name>"
        description = "<profile_description>"


        # Rule 1

        advanced_rate_limiter_rule {
          name        = "<new_rule_name>"
          priority    = <new_rule_priority>
          description = "<new_rule_description>"
          dry_run     = true

          static_quota {
            action = "DENY"
            limit  = <new_rule_limit>
            period = <new_rule_period>
            condition {
              request_uri {
                path {
                  exact_match = "/api"
                }
              }
            }
          }
        }

        # Rule 2

        advanced_rate_limiter_rule {
          name        = "<rule_name>"
          priority    = <rule_priority>
          description = "<rule_description>"
          dry_run     = true
  
          static_quota {
            action = "DENY"
            limit  = <rule_limit>
            period = <rule_period>
            condition {
              source_ip {
                geo_ip_match {
                  locations = ["ru", "kz"]
                }
              }
            }
          }
        }
      }
      ```

      For more information about `yandex_sws_advanced_rate_limiter_profile` properties, see [this provider guide](../../terraform/resources/sws_advanced_rate_limiter_profile.md).

  1. Apply the changes:

       1. In the terminal, navigate to the configuration file directory.
       1. Make sure the configuration is correct using this command:
       
          ```bash
          terraform validate
          ```
       
          If the configuration is valid, you will get this message:
       
          ```bash
          Success! The configuration is valid.
          ```
       
       1. Run this command:
       
          ```bash
          terraform plan
          ```
       
          You will see a list of resources and their properties. No changes will be made at this step. Terraform will show any errors in the configuration.
       1. Apply the configuration changes:
       
          ```bash
          terraform apply
          ```
       
       1. Type `yes` and press **Enter** to confirm the changes.

       You can check the resource update in the [management console](https://console.yandex.cloud).

- API {#api}

  Use the [update](../advanced_rate_limiter/api-ref/AdvancedRateLimiterProfile/update.md) REST API method for the [AdvancedRateLimiterProfile](../advanced_rate_limiter/api-ref/AdvancedRateLimiterProfile/index.md) resource or the [AdvancedRateLimiterProfile/Update](../advanced_rate_limiter/api-ref/grpc/AdvancedRateLimiterProfile/update.md) gRPC API call.

{% endlist %}

### Useful links {#see-also}

* [Deleting a rule from a security profile](rule-delete.md)