Custom rules

Hey all

Is it possible to configure a WAF rule to ignore certain OWASP rules for certain FORM fields?

I have a website which has a SQL query input field, and I’d like to bypass the OWASP rules solely for this .
I seem to be able to add a rule to bypass the entire WAF if this field exists, but that is over kill, I simply want to exclude a few OWASP rules.



Go to Managed rules tab > add exception > Input some request you want to be bypassed > Mark Skip specific rules from a Managed Ruleset > Select Rules > Select OWASP and select the rules that you don’t want to trigger.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.