Can I Exclude Specific URLs from WAF Managed Rule Policies?

0
1
Asked By TechSavvy1234 On

I'm trying to find a way to exclude certain URL paths from my Web Application Firewall (WAF) managed rule policies because they're triggering SQL injection rules, leading to too many false positives. When I attempt to add an exclusion for a specific rule, I notice there's no option to base it on the request URI. I understand that creating a custom rule would allow me to control this, but I worry that using custom rules would ignore other important rules, especially since I only want to exclude certain anomalies without negating the overall protection. Is there really no way to exclude URLs on a per-rule basis within the managed rules?

4 Answers

Answered By CyberSleuth8 On

As for managed rules in FD WAF, the closest workaround is using a query string argument name for exclusions on a per-rule basis. It’s not perfect, but it’s something!

Answered By PathFinder73 On

If you're open to changing the routing rule, consider switching to path-based routing. You could include those paths and attach a policy with your needed exclusions. Just keep in mind that rules are processed in the order they're listed, so set your wildcards as the least specific at the end!

Answered By CloudGuru99 On

You're right! Currently, there's no way to exclude specific request URIs for managed rules without using custom rules. It’s a bit of a bummer, but the good news is that this feature might change in the future.

Answered By DevNinja42 On

Exactly! If you use a custom rule, it does override all other rules, which isn’t ideal since you want to keep some protections active. I often reserve custom rules for cases where nothing else works.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.