# XML Rules If you have already an XML file with your rules, then all you need to do is add the path (relative or absolute) to that file in the `rules` configuration key. However, the path MUST include the keyword `XML` in it. {% code title="config/Coldbox.cfc" %} ```javascript moduleSettings = { // CB Security cbSecurity : { "rules" : "config/security.xml.cfm" }; ``` {% endcode %} Then your xml file can look like this: {% code title="config/security.xml.cfm" %} ```markup <-- < Declare as many rule elements as you want, order is important Remember that the securelist can contain a list of regular expressions if you want ex: All events in the user handler user\..* ex: All events .* ex: All events that start with admin ^admin If you are not using regular expressions, just write the text that can be found in an event. --> event user\.login,user\.logout,^main.* ^user\..*, ^admin admin read,write user.login event ^moderator admin,moderator read user.login url /secured.* admin,paid_subscriber user.pay ``` {% endcode %}