WAF Rule Exclusions

WAF rule exclusions provide a flexible way to handle false positives, allowing specific variables, rules, and the entire WAF to be excluded on a per request basis. You can configure up to 300 WAF exclusions and each exclusion of type rule can have up to 30 rules associated with it.

Data model

conditionstringA conditional expression in VCL used to determine if the condition is met.
created_atstringDate and time in ISO 8601 format.
exclusion_typestringThe type of exclusion.
loggingbooleanWhether to generate a log upon matching.
namestringName of the exclusion.
numberintegerA numeric ID identifying a WAF exclusion.
updated_atstringDate and time in ISO 8601 format.
variablestringThe variable to exclude. An optional selector can be specified after the variable separated by a colon (:) to restrict the variable to a particular parameter. Required for exclusion_type=variable.

Endpoints

List WAF rule exclusions

GET/waf/firewalls/firewall_id/versions/firewall_version_number/exclusions

Create a WAF rule exclusion

POST/waf/firewalls/firewall_id/versions/firewall_version_number/exclusions

Get a WAF rule exclusion

GET/waf/firewalls/firewall_id/versions/firewall_version_number/exclusions/exclusion_number

Delete a WAF rule exclusion

DELETE/waf/firewalls/firewall_id/versions/firewall_version_number/exclusions/exclusion_number

Update a WAF rule exclusion

PATCH/waf/firewalls/firewall_id/versions/firewall_version_number/exclusions/exclusion_number