WAF Rule Exclusions
WAF rule exclusions provide a flexible way to handle false positives, allowing specific variables, rules, and the entire WAF to be excluded on a per request basis. You can configure up to 300 WAF exclusions and each exclusion of type rule
can have up to 30 rules associated with it.
Data model
id | string | Alphanumeric string identifying a WAF rule revision. Read-only. | |
message | string | Message metadata for the rule. Read-only. | |
modsec_rule_id | integer | Corresponding ModSecurity rule ID. Read-only. | |
paranoia_level | integer | Paranoia level for the rule. Read-only. | |
publisher | string | Rule publisher. Read-only. | |
revision | integer | Revision number. | |
severity | integer | Severity metadata for the rule. Read-only. | |
source | string | The ModSecurity rule logic. Read-only. | |
state | string | The state, indicating if the revision is the most recent version of the rule. Read-only. | |
type | string | The rule's type. Read-only. | |
vcl | string | The VCL representation of the rule logic. Read-only. | |
waf_rule_revisions | object | ||
waf_rules | object | ||
condition | string | A conditional expression in VCL used to determine if the condition is met. | |
exclusion_type | string | The type of exclusion. | |
logging | boolean | Whether to generate a log upon matching. [Default true ] | |
name | string | Name of the exclusion. | |
number | integer | A numeric ID identifying a WAF exclusion. | |
relationships.waf_rule_revisions.id | string | Alphanumeric string identifying a WAF rule revision. | |
relationships.waf_rules.id | string | Alphanumeric string identifying a WAF rule. | |
variable | string | The variable to exclude. An optional selector can be specified after the variable separated by a colon (: ) to restrict the variable to a particular parameter. Required for exclusion_type=variable . | |
created_at | string | Date and time in ISO 8601 format. Read-only. | |
deleted_at | string | Date and time in ISO 8601 format. Read-only. | |
updated_at | string | Date and time in ISO 8601 format. Read-only. |
Endpoints
GET/waf/firewalls/firewall_id
/versions/firewall_version_number
/exclusions
POST/waf/firewalls/firewall_id
/versions/firewall_version_number
/exclusions
GET/waf/firewalls/firewall_id
/versions/firewall_version_number
/exclusions/exclusion_number
DELETE/waf/firewalls/firewall_id
/versions/firewall_version_number
/exclusions/exclusion_number