How to prevent false 981176

A part of one of our protected sites keeps getting false positives on the OWASP 981176. We’ve changed the settings to log/simulate to observe but now it’s not being protected. How do we get around this? Can the WAF ignore these pages? If so, how?

You can use a Page Rule to disable WAF for that page or directory.

1 Like

So if it’s flagging something like Custom Application Development Software for Business -, I should be whitelisting that using page rules?

It wouldn’t be an allow list. You’d add a page rule similar to:
Match:* with a setting for Web Application Firewall (disable).

1 Like

Thank you for your help. Trying this out now.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.