Custom rules

s.watson · March 29, 2023, 9:03am

Hey all

Is it possible to configure a WAF rule to ignore certain OWASP rules for certain FORM fields?

I have a website which has a SQL query input field, and I’d like to bypass the OWASP rules solely for this .
I seem to be able to add a rule to bypass the entire WAF if this field exists, but that is over kill, I simply want to exclude a few OWASP rules.

Cheers

WhiteDemonhia · March 30, 2023, 5:32pm

Hello!

Go to Managed rules tab > add exception > Input some request you want to be bypassed > Mark Skip specific rules from a Managed Ruleset > Select Rules > Select OWASP and select the rules that you don’t want to trigger.

system · April 14, 2023, 5:32pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.