Redundant rule

Two rules of the same kind have identical match conditions.

Redundant rule

The analyzer flags this warning when two rules of the same kind (both allow or both deny) have identical match conditions: same method, URL pattern, body matchers, and header matchers. The second rule never adds enforcement value because the first one already matches everything it would.

The check looks for exact match-condition equivalence, not subset/superset relationships. Two rules where one is a strict subset of another are not flagged automatically; narrow that case manually if it's wrong.

Example

yaml

default: allow
rules:
  - name: deny-all-deletes
    deny:
      method: [DELETE]
      url: "api.stripe.com/**"
  - name: deny-stripe-deletes # redundant: deny-all-deletes already matches this
    deny:
      method: [DELETE]
      url: "api.stripe.com/**"

Fix

Remove the duplicate rule. If you intended the two rules to have different scopes, narrow the match conditions on one of them so they cover distinct request sets:

yaml

default: allow
rules:
  - name: deny-all-deletes
    deny:
      method: [DELETE]
      url: "api.stripe.com/**"