WAF Rule Exclusions

WAF rule exclusions provide a flexible way to handle false positives, allowing specific variables, rules, and the entire WAF to be excluded on a per request basis. You can configure up to 300 WAF exclusions and each exclusion of type rule can have up to 30 rules associated with it.

Data model

idstringAlphanumeric string identifying a WAF rule revision. Read-only.
messagestringMessage metadata for the rule. Read-only.
modsec_rule_idintegerCorresponding ModSecurity rule ID. Read-only.
paranoia_levelintegerParanoia level for the rule. Read-only.
publisherstringRule publisher. Read-only.
revisionintegerRevision number.
severityintegerSeverity metadata for the rule. Read-only.
sourcestringThe ModSecurity rule logic. Read-only.
statestringThe state, indicating if the revision is the most recent version of the rule. Read-only.
typestringThe rule's type. Read-only.
vclstringThe VCL representation of the rule logic. Read-only.
waf_rule_revisionsobject
waf_rulesobject
conditionstringA conditional expression in VCL used to determine if the condition is met.
exclusion_typestringThe type of exclusion.
loggingbooleanWhether to generate a log upon matching. [Default true]
namestringName of the exclusion.
numberintegerA numeric ID identifying a WAF exclusion.
relationships.waf_rule_revisions.idstringAlphanumeric string identifying a WAF rule revision.
relationships.waf_rules.idstringAlphanumeric string identifying a WAF rule.
variablestringThe variable to exclude. An optional selector can be specified after the variable separated by a colon (:) to restrict the variable to a particular parameter. Required for exclusion_type=variable.
created_atstringDate and time in ISO 8601 format. Read-only.
deleted_atstringDate and time in ISO 8601 format. Read-only.
updated_atstringDate and time in ISO 8601 format. Read-only.

Endpoints

List WAF rule exclusions

Deprecated

GET/waf/firewalls/firewall_id/versions/firewall_version_number/exclusions

Create a WAF rule exclusion

Deprecated

POST/waf/firewalls/firewall_id/versions/firewall_version_number/exclusions

Get a WAF rule exclusion

Deprecated

GET/waf/firewalls/firewall_id/versions/firewall_version_number/exclusions/exclusion_number

Delete a WAF rule exclusion

Deprecated

DELETE/waf/firewalls/firewall_id/versions/firewall_version_number/exclusions/exclusion_number

Update a WAF rule exclusion

Deprecated

PATCH/waf/firewalls/firewall_id/versions/firewall_version_number/exclusions/exclusion_number