diff --git a/main.go b/main.go
index 468e176..ae39e07 100644
--- a/main.go
+++ b/main.go
@@ -64,6 +64,7 @@ type config struct {
 // Allowed rageshake app names
 AllowedAppNames []string `yaml:"allowed_app_names"`
+ // List of rejection conditions
 RejectionConditions []RejectionCondition `yaml:"rejection_conditions"`
 // A GitHub personal access token, to create a GitHub issue for each report.
@@ -98,9 +99,12 @@ type config struct {
 // RejectionCondition contains the fields that should match a bug report for it to be rejected.
 type RejectionCondition struct {
+ // Required field: if a payload does not match this app name, the condition does not match.
+ App string `yaml:"app"`
+ // Optional: version that must also match in addition to the app and label. If empty, does not check version.
 Version string `yaml:"version"`
- Label string `yaml:"label"`
- App string `yaml:"app"`
+ // Optional: label that must also match in addition to the app and version. If empty, does not check label.
+ Label string `yaml:"label"`
 }
 // shouldReject returns true if the app name AND version AND labels all match the rejection condition.
diff --git a/main_test.go b/main_test.go
index 4150d7c..bd5e84a 100644
--- a/main_test.go
+++ b/main_test.go
@@ -18,6 +18,9 @@ func TestConfigRejectionCondition(t *testing.T) {
 Version: "0.1.2",
 Label: "nightly",
 },
+ {
+ App: "block-my-app",
+ },
 },
 }
 rejectPayloads := []payload{
@@ -39,6 +42,26 @@ func TestConfigRejectionCondition(t *testing.T) {
 "Version": "0.1.2",
 },
 },
+ {
+ AppName: "block-my-app",
+ },
+ {
+ AppName: "block-my-app",
+ Labels: []string{"foo"},
+ },
+ {
+ AppName: "block-my-app",
+ Data: map[string]string{
+ "Version": "42",
+ },
+ },
+ {
+ AppName: "block-my-app",
+ Labels: []string{"foo"},
+ Data: map[string]string{
+ "Version": "42",
+ },
+ },
 }
 for _, p := range rejectPayloads {
 if !cfg.matchesRejectionCondition(&p) {
diff --git a/rageshake.sample.yaml b/rageshake.sample.yaml
index 65e26b5..2ec37be 100644
--- a/rageshake.sample.yaml
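Review bot: The new comment on `App` in RejectionCondition calls it a required field, but nothing in this hunk enforces that, and with `Version` and `Label` documented as optional, a mis-keyed or omitted `version`/`label` in the YAML would silently widen a condition to every report from that app. Consider validating each condition when the config is loaded, for example `if c.App == "" { return fmt.Errorf("rejection_conditions[%d]: app is required", i) }`, and, if the loader does not already do so, rejecting unknown YAML keys so a typo fails loudly instead of broadening the rule. The unchanged doc comment on shouldReject still reads as if all three fields must be set; something like `// shouldReject returns true if the app name matches and any non-empty version and label also match.` would agree with the field comments. shouldReject's body and the config loader are outside the hunk, so whether an empty `App` is already handled cannot be seen here.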
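Review bot: The added cases only grow `rejectPayloads`, so the test shows that an app-only condition rejects, but not that it stays confined to that one app. Since a bare `app` condition now acts as a blocklist, add accept-side cases to the list of payloads that must not be rejected (if the test keeps one, it is outside this hunk), for example `{AppName: "block-my-app-2"}` and `{AppName: ""}` (constructed values), so a prefix or empty-string match cannot slip in unnoticed. TestConfigRejectionCondition starts before and continues past the hunk.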
+++ b/rageshake.sample.yaml
@@ -13,6 +13,8 @@ listings_auth_pass: secret
 allowed_app_names: []
 # If any submission matches one of these rejection conditions, the submission is rejected.
+# The 'app' field is required, but 'version' and 'label' are both optional. A condition with just
+# an 'app' will reject those apps, effectively acting as a blocklist for app in contrast to allowed_app_names.
 rejection_conditions:
 - app: my-app
 version: "0.4.9" # if the submission has a Version which is exactly this value, reject the submission.
diff --git a/submit.go b/submit.go
index 78a3335..746b7f7 100644
--- a/submit.go
+++ b/submit.go
@@ -440,9 +440,9 @@ func formPartToPayload(field, data string, p *payload) {
 // application/javascript and open XSS vulnerabilities. We also allow gzipped
 // text and json on the same basis (there's really no sense allowing gzipped images).
 //
-// * no silly characters (/, ctrl chars, etc)
+// - no silly characters (/, ctrl chars, etc)
 //
-// * nothing starting with '.'
+// - nothing starting with '.'
 var filenameRegexp = regexp.MustCompile(`^[a-zA-Z0-9_-]+\.(jpg|png|txt|json|txt\.gz|json\.gz)$`)
 // saveFormPart saves a file upload to the report directory.