BOOL, can be read and
set, but not
true by the WAF when a request is flagged for blocking.
Requests will be flagged for blocking after a qualifying rule is matched, which must be either:
- a strict rule, configured in blocking mode, whose pattern matches the current request; or
- a threshold rule, configured in blocking mode, where the associated category anomaly score is above the threshold configured for the rule.
For example, a strict rule configured to look for "<script>" in the request path and set to blocking mode would flag a request for
/foo/<script>. A similar scoring rule would not flag the request, but would add value to
waf.xss_score (category-specific score) and
waf.anomaly_score (overall anomaly total). The threshold rule for
waf.xss_score may then be matched if the score exceeds the configured threshold.
waf_debug_log subroutine, the value of this variable indicates whether any rule processed so far has flagged the request for blocking, and not whether any individual rule has done so.
This variable is write-once. A second attempt to
set it will not change the value.