WAF Rule Exclusions

WAF rule exclusions provide a flexible way to handle false positives, allowing specific variables, rules, and the entire WAF to be excluded on a per request basis. You can configure up to 300 WAF exclusions and each exclusion of type rule can have up to 30 rules associated with it.

Data model

conditionstringA conditional expression in VCL used to determine if the condition is met.
created_atstringDate and time in ISO 8601 format.
exclusion_typestringThe type of exclusion.
ruleExclude the specified rules.
variableExclude the stated variable from the specified rules.
wafDisable the WAF.
loggingbooleanWhether to generate a log upon matching. Defaults to true.
namestringName of the exclusion.
numberintegerA numeric ID identifying a WAF exclusion.
updated_atstringDate and time in ISO 8601 format.
variablestringThe variable to exclude. An optional selector can be specified after the variable separated by a colon (:) to restrict the variable to a particular parameter. Required for exclusion_type=variable.
req.cookiesFor the Cookie request header.
req.headersFor the request headers.
req.postFor the request body.
req.post_filenameFor the filename parameter of the request body in case of multipart/form-data.
req.qsFor the query string.


List WAF rule exclusions


Create a WAF rule exclusion


Get a WAF rule exclusion


Delete a WAF rule exclusion


Update a WAF rule exclusion