WAF Rule Exclusions

WAF rule exclusions provide a flexible way to handle false positives, allowing specific variables, rules, and the entire WAF to be excluded on a per request basis. You can configure up to 300 WAF exclusions and each exclusion of type rule can have up to 30 rules associated with it.

Data model

conditionstringA conditional expression in VCL used to determine if the condition is met.
created_atstringDate and time in ISO 8601 format.
exclusion_typestringThe type of exclusion.
loggingbooleanWhether to generate a log upon matching.
namestringName of the exclusion.
numberintegerA numeric ID identifying a WAF exclusion.
updated_atstringDate and time in ISO 8601 format.
variablestringThe variable to exclude. An optional selector can be specified after the variable separated by a colon (:) to restrict the variable to a particular parameter. Required for exclusion_type=variable.


List WAF rule exclusions


Create a WAF rule exclusion


Get a WAF rule exclusion


Delete a WAF rule exclusion


Update a WAF rule exclusion