# XML Rules You can place all your security rules inside of an XML file and then tell CBSecurity where they are: {% code title="config/Coldbox.cfc" %} ```javascript // CB Security cbSecurity : { firewall : { rules : { provider : { "source" : "config/security.xml.cfm" } } } } ``` {% endcode %} Then your XML file can look like this: {% code title="config/security.xml.cfm" %} ```markup <-- < Declare as many rule elements as you want, order is important Remember that the securelist can contain a list of regular expressions if you want ex: All events in the user handler user\..* ex: All events .* ex: All events that start with admin ^admin If you are not using regular expressions, just write the text that can be found in an event. --> event user\.login,user\.logout,^main.* ^user\..*, ^admin admin read,write user.login event ^moderator admin,moderator read user.login url /secured.* admin,paid_subscriber user.pay ``` {% endcode %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://coldbox-security.ortusbooks.com/getting-started/configuration/firewall/xml-properties.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.