policies:
  default:
    triggers:
    - appsec-default-log-trigger
    mode: inactive
    practices:
    - webapp-default-practice
    custom-response: appsec-default-web-user-response
  specific-rules:
  - host: {{ domain_names.first }}
    triggers:
    - appsec-default-log-trigger
    mode: {{openappsec_mode}}
    practices:
    - webapp-default-practice
    custom-response: appsec-default-web-user-response