I understand the application of firewall rules to process Firewall Rules ahead of WAF Rules, yet it appears that there is a race condition between the.
I’ve set up the following rule to ALLOW: (http.request.uri.path eq "/salesforce/webhook_callback.json" and ip.geoip.asnum eq 14340)
The rule seems to be applying correctly about 90% of the time, but perhaps there is a race condition in play because the WAF is tagging these connections the other 10%. The following picture should provide some additional context.
I appreciate any guidance the community might provide.