GettingStarted

Doorman 2.0 introduces multi-provider WAF automation so you can manage Vercel and Cloudflare security policies from the same workflow. Use this guide to get set up today and prepare for the forthcoming Cloudflare release.

Installation

To get started with Vercel Doorman, first install it using your preferred package manager:

npm install vercel-doorman

Doorman 2.0 preview

Cloudflare WAF support ships with Doorman 2.0. Install the CLI today and you will be able to target --provider cloudflare as soon as the release is live.

Note for Existing Projects:

If you have an existing Vercel project with firewall rules, start by using the download command to set up your local configuration:

npx vercel-doorman download

This will generate a vercel-firewall.config.json file with your existing configuration before you proceed.

When Cloudflare support lands, run npx vercel-doorman download --provider cloudflare to pull your Cloudflare WAF configuration into the same project.

Basic Usage

  1. Create or update configuration file:

    Ensure you have a vercel-firewall.config.json file in your project root with the following structure:

    {
  "projectId": "prj_",
  "teamId": "team_",
  "rules": [],
  "ips": []
}

    Replace prj_ and team_ with your actualprojectIdandteamId from Vercel.

    Cloudflare configuration (Doorman 2.0)

    The upcoming release adds support for Cloudflare accounts and zones. You will be able to extend your config with provider-specific sections without changing the rest of your workflow. Stay tuned for the dedicated Cloudflare quickstart when 2.0 is live.

  2. Add firewall rules:

    You can add rules in two ways:

    • Using Templates:

      Use the template command to add predefined rules:

      # List available templates
npx vercel-doorman template

# Add WordPress protection
npx vercel-doorman template wordpress

# Block AI bots
npx vercel-doorman template ai-bots
    • Manual Configuration:

      Add rules directly to your config file following this structure:

      {
  "name": "Block API Access",
  "description": "Block access to API endpoints",
  "conditionGroup": [
    {
      "conditions": [
        {
          "type": "path",
          "op": "pre",
          "value": "/api"
        }
      ]
    }
  ],
  "action": {
    "mitigate": {
      "action": "deny",
      "rateLimit": {
        "requests": 100,
        "window": "1m"
      },
      "actionDuration": "1h"
    }
  },
  "active": true
}

    Rule Components:

    • Condition Groups: Define when rules trigger (AND within groups, OR between groups)
    • Conditions: Match criteria using type, op, and value
    • Actions: Define response (deny, challenge, rateLimit, rewrite)
    • Metadata: Rule information (name, description, active)

    For more examples and templates, visit our examples folder on GitHub.

  3. Sync your rules:
    npx vercel-doorman sync --token YOUR_VERCEL_API_TOKEN

    This will apply your firewall rules to your Vercel project. Replace YOUR_VERCEL_API_TOKEN with your actual Vercel API token.

    Learn how to create and use a Vercel API token

    Cloudflare sync (preview)

    Doorman 2.0 adds npx vercel-doorman sync --provider cloudflare so you can promote Cloudflare WAF changes alongside your Vercel updates.

  4. Add script alias (optional):

    To make it easier to run the sync command, add a script alias to your package.json file:

    "scripts": {
    ... other scripts ...
    "firewall:list": "vercel-doorman list",
    "firewall:download": "vercel-doorman download",
    "firewall:sync": "vercel-doorman sync",
    "firewall:validate": "vercel-doorman validate"
}

    This will allow you to run npm run firewall:sync to apply your firewall rules.

Common Rule Examples

Basic Protection

Advanced Security

Specialized Rules

Next Steps