---
title: Testing rule logic with the simulator
summary: null
url: >-
  https://www.fastly.com/documentation/guides/next-gen-waf/rules/testing-rule-logic-with-the-simulator
---

To help test and debug rule logic, use the Simulator feature. With the Simulator, you can send sample requests and responses through the Next-Gen WAF's detection engine. Based on the constructed samples, the detection engine generates an output that includes the following information:

- whether the WAF would block or log the sample request
- the response code that would be returned
- the signals that the WAF would add to the request
- whether redactions would occur

## Limitations

The simulator has the following limitations:

- The simulator doesn't support [advanced rate limiting rules](https://www.fastly.com/documentation/guides/next-gen-waf/rules/working-with-advanced-rate-limiting-rules), the [deception action](https://www.fastly.com/documentation/guides/next-gen-waf/rules/using-the-deception-action), or geolocation (i.e., rules that use country codes).
- The simulator uses a reverse proxy deployment implementation. If you use the Edge WAF deployment method, you might notice discrepancies between your implementation and the simulator.
- The simulator won't return any signals added to the request if the only signals left at the end of processing are considered informational, unless the request is explicitly blocked or allowed.

## Using the simulator

To use the simulator, complete the following steps:

### Next Gen Waf Control Panel

1.   Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2.   From the **Sites** menu, select a site if you have more than one site.

3. From the **Rules** menu, select **Simulator**.
4. In the **Sample Request** field, construct a sample request.
5. In the **Sample Response** field, construct a sample response.
6. Click **Simulate**.
7. View the **Simulation Output**.

### Fastly Control Panel

1.   Log in to the [Fastly control panel](https://manage.fastly.com).

2.   Go to **Security** > **Next-Gen WAF** > [**Simulator**](https://manage.fastly.com/security/ngwaf/simulator).

3.   From the workspaces bar, click the menu <span class="inline-icons"><img src="/img/icons/chevron-down.png" alt="Menu icon" /></span> to the right of the workspace name and select a workspace.

4. In the **Sample Request** field, construct a sample request.
5. In the **Sample Response** field, construct a sample response.
6. Click **Simulate**.
7. View the **Simulation Output**.

## Simulating logged requests

> **IMPORTANT:** This section only applies to customers with access to the Next-Gen WAF product in the Fastly control panel.

You can open a historic logged request directly in the simulator from the request detail view. The request is reconstructed from data stored by the WAF agent and pre-populated in the simulator form for you to review and edit before running the simulation.

### Reconstruction limitations

Request reconstruction accuracy depends on the content type of the original request. Check the reconstructed request carefully before running the simulation.

| Content-Type                        | Fidelity          | Notes                                                              |
| ----------------------------------- | ----------------- | ------------------------------------------------------------------ |
| `application/x-www-form-urlencoded` | High              | Faithful round-trip                                                |
| `application/json`                  | Medium-High       | Synthesized from signal path keys                                  |
| `application/xml`, `text/xml`       | Medium            | Element paths encode nesting                                       |
| `text/plain`                        | Medium            | Best-effort from signal values                                     |
| `multipart/form-data`               | Not reconstructed | MIME boundary information is lost during WAF processing            |
| `text/csv`                          | Not reconstructed | Delimiter and row layout information is lost during WAF processing |

Additional limitations:

- **Query strings:** Query parameters are stripped from the stored URI by the WAF agent. Only query parameters that triggered a signal detection are recoverable. Non-triggering parameters cannot be recovered.
- **Requests with body parsing errors:** If the Next-Gen WAF agent detected a Content-Type mismatch (indicated by a `MALFORMED-DATA` or `JSON-ERROR` signal), the body is not reconstructed because the declared Content-Type is unreliable.

### Opening requests in the simulator

To open a request in the simulator, complete the following steps:

1.   Log in to the [Fastly control panel](https://manage.fastly.com).

2.   Go to **Security** > **Next-Gen WAF** > [**Requests**](https://manage.fastly.com/security/ngwaf/requests).

3.   From the workspaces bar, click the menu <span class="inline-icons"><img src="/img/icons/chevron-down.png" alt="Menu icon" /></span> to the right of the workspace name and select a workspace.

4. Click the document icon <span class="inline-icons"><img src="/img/icons/document.png" alt="Document icon" /></span> next to a request to open the request detail view.
5. Click **Options** and select **Simulate request**. The simulator displays the reconstructed request.
6. Review the pre-populated **Sample Request** and **Sample Response**. Edit as needed to fill in any missing content (see [reconstruction limitations](https://www.fastly.com/documentation/guides/next-gen-waf/rules/testing-rule-logic-with-the-simulator#reconstruction-limitations) above).
7. Click **Simulate**.
8. View the **Simulation Output**.