I and have false positives on “cookie” HTTP header on WAF “OWASP Core Ruleset”. I would like WAF rules to ignore this particular header and apply all the rules in the ruleset to remaining HTTP headers.
Does anyone know if this is possible to configure CF to ignore a selected header for WAF inspection?
I’m aware that you can configure WAF exception for cookie header, however the issue with this approach is that once the exception is triggered by cookie header, the rest of the request (remaining headers etc.) will also skip the selected WAF rules in the exception.
Thanks in advance.