I would like to know if there is anything wrong in my page rule.
I want to disable the Web Application Firewall on a certain page in the content management system because I am using a rich-text editor and firewall keeps prompting the challenge page because it thinks that some kind of code is being injected in the payload because it contains HTML tags (Such as bold, italic, etc…).
I created the below page rules, but the WAF is still showing the challenge page:
Page Rule Settings:
Disable Web Application Firewall
I tried re-ordering the page rules but still, I get the same results.
I don’t really wish to disable security on the whole backend because it contains the login page. Any suggestions on how to get this done or if there is anything wrong in my matching URLs?
Note: After I removed the https:// from the URL (Few hours ago), no logs have been recorded yet (Hopefully it worked). I’ll monitor for 24 hours and check.
[UPDATE]
The logs are still being recorded. The page rule is not working!
[SOLUTION]
Page rules work from top to bottom and there was another page rule active on the same URL. I had to either combine both page rules in one or re-order the WAF page rule and place it on top.