====Combining Security Rules====

You can use //arrays// to combine [[pathsecurity|security rules]].

With a single array, the rules must **all** be met in order for access to be allowed (an AND condition). For example, if you have both a [[security_whitelist|whitelist]] and a [[security_token|token]] rule in a single array, you must have both a correct IP address and a security token.

With //nested// arrays, you only need to match **one** of the sets of results.

===Single Rule Example===

A single rule that must be met.

<code>
{
   "type": "whitelist",
   "list": ["127.0.0.1"]
}
</code>

===AND Condition Example===

The condition below will allow access to the computer on IP address 192.168.0.55, but only if it **also** has the value '1234' in the 'X-Access-Token' header.

<code>
[
   {
      "type": "whitelist",
      "list": ["192.168.0.55"]
   },
   {
      "type": "token",
      "header": "X-Access-Token",
      "value": "1234"
   }
]
</code>

===OR Condition Example===

In this rule, we allow access for anyone who matches the rule above, **OR** any connection from the local server.

<code>
[
  [{
         "type": "whitelist",
         "list": ["127.0.0.1"]
  }],
  [
     {
        "type": "whitelist",
        "list": ["192.168.0.55"]
     },
     {
        "type": "token",
        "header": "X-Access-Token",
        "value": "1234"
     }
  ]
]
</code>