diff --git a/security-rules.yml b/security-rules.yml
new file mode 100644
index 0000000..044669f
--- /dev/null
+++ b/security-rules.yml
@@ -0,0 +1,31 @@
+http:
+ middlewares:
+ # 1. Geoblocking Rule (Allow US only)
+ geoblock-policy:
+ plugin:
+ geoblock:
+ allowLocalRequests: true
+ logLocalRequests: false
+ countries:
+ - US
+
+ # 2. CrowdSec Firewall Rule
+ crowdsec-policy:
+ plugin:
+ crowdsec:
+ enabled: true
+ crowdsecLapiHost: "crowdsec:8080"
+ crowdsecLapiKey: "GENERATE_A_KEY_IN_STEP_5" # We will replace this shortly
+ crowdsecMode: stream
+
+ # 3. Secure HTTP Headers
+ secure-headers:
+ headers:
+ sslRedirect: true
+ stsSeconds: 31536000
+ stsIncludeSubdomains: true
+ stsPreload: true
+ forceSTSHeader: true
+ frameDeny: true
+ contentTypeNosniff: true
+ browserXssFilter: true
\ No newline at end of file
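Review bot: `crowdsecLapiKey: "GENERATE_A_KEY_IN_STEP_5"` places the CrowdSec LAPI bouncer key inline in a file that is being committed, so the moment the placeholder is replaced as the comment promises, the real key lands in version control; keep the placeholder out of the committed file and supply the key at deploy time instead (an environment variable rendered through the file provider's templating, or a mounted secret file if the installed bouncer plugin version offers a file-based key option), and mark the line `# supplied by the deployment environment, never committed`. `browserXssFilter: true` emits the legacy `X-XSS-Protection` header, which current browsers ignore and which OWASP now recommends disabling because the old filter itself caused leaks; drop that line and consider `contentSecurityPolicy` and `referrerPolicy` in the same `headers` block, which do real work. `stsPreload: true` combined with `stsIncludeSubdomains: true` commits every subdomain of the served domain to HTTPS in browser preload lists and is very hard to reverse, so confirm every host under the domain serves TLS before submitting it to the preload list. Note also that the geoblock is a coarse filter (VPN and proxy traffic bypasses it), so it belongs in front of, not in place of, the CrowdSec and header middlewares; nothing in this file attaches any of the three middlewares to a router, which presumably happens elsewhere.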