We are blocking a lot of requests with WAF rules. However, we would like to inspect the blocked requests more deeply to see that we’re not accidentally blocking genuine requests. How can we inspect WAF blocked events more deeply? Or somehow log more info about requests before they’re blocked? We basically need to see the headers of the request.
What steps have you taken to resolve the issue?
Tried exporting the JSON from the events page. Tried googling.
May I ask if you’re using a Free or Paid plan type?
Otherwise, on Business plan there are Instant logs, while for Enterprise via Logpush we can export more details for Security events which are available as Fields:
Please, consider fixing this and make sure to use Full (Strict) setup for SSL/TLS further.