WAF Rule Exclusions
WAF rule exclusions provide a flexible way to handle false positives, allowing specific variables, rules, and the entire WAF to be excluded on a per request basis. You can configure up to 300 WAF exclusions and each exclusion of type rule
can have up to 30 rules associated with it.
Data model
condition | string | A conditional expression in VCL used to determine if the condition is met. |
created_at | string | Date and time in ISO 8601 format. |
exclusion_type | string | The type of exclusion. |
rule | Exclude the specified rules. | |
variable | Exclude the stated variable from the specified rules. | |
waf | Disable the WAF. | |
logging | boolean | Whether to generate a log upon matching. Defaults to true . |
name | string | Name of the exclusion. |
number | integer | A numeric ID identifying a WAF exclusion. |
updated_at | string | Date and time in ISO 8601 format. |
variable | string | The variable to exclude. An optional selector can be specified after the variable separated by a colon (: ) to restrict the variable to a particular parameter. Required for exclusion_type=variable . |
req.cookies | For the Cookie request header. | |
req.headers | For the request headers. | |
req.post | For the request body. | |
req.post_filename | For the filename parameter of the request body in case of multipart/form-data . | |
req.qs | For the query string. |
Endpoints
Create a WAF rule exclusion
POST/waf/firewalls/firewall_id
/versions/firewall_version_number
/exclusions
Get a WAF rule exclusion
GET/waf/firewalls/firewall_id
/versions/firewall_version_number
/exclusions/exclusion_number