Excluding specific URL from WAF and Security

I’m trying to exclude specific URL from WAF. For the moment without success.

In Page Rules I have this:


Disable Security, Browser Integrity Check: Off, Web Application Firewall: Off, Security Level: Essentially Off

In WAF rules this:

(http.request.full_uri contains "*domain.com/output/ext/stores?api_token=*" and http.request.full_uri contains "*domain.com/stores_xml*" and http.request.uri.path contains "/output/*" and http.request.uri.query contains "stores_xml?api_token=" and http.request.uri.query contains "api_token=*" and http.request.uri contains "/stores_xml?api_token=*" and http.request.uri contains "/output/ext/stores?api_token=*")

The URL’s I want to exclude are (xxxxx is different for every customer):


I have to mention that I have a rule which allows only some countries, for others Managed challenge is selected.

The idea in general is bypass Cloudflare for such url’s

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.