How to prevent false 981176

A part of one of our protected sites keeps getting false positives on the OWASP 981176. We’ve changed the settings to log/simulate to observe but now it’s not being protected. How do we get around this? Can the WAF ignore these pages? If so, how?

You can use a Page Rule to disable WAF for that page or directory.

1 Like

So if it’s flagging something like www.site.com/news, I should be whitelisting that using page rules?

It wouldn’t be an allow list. You’d add a page rule similar to:
Match: example.com/news* with a setting for Web Application Firewall (disable).

1 Like

Thank you for your help. Trying this out now.

1 Like