We are using the WAF managed firewall rules to protect our website.
Is there a way to setup the firewall so that it only protects part of a website?
For example, say we have two main folders in our website: one called Public for our public facing pages, and one called Private for pages that are protected by authentication.
We only want the managed firewall rules to scan traffic for all of the pages within the Public folder and to allow all traffic on all pages in the Private folder?
I see under the (custom) Firewall rules (unmanaged) that you can setup URI matching to limit pages for these rules. How can I do the same for the managed rules?
I tried setting up a custom Firewall rule that said if the URL contains “/Private/” to allow all traffic, however it did not seem to have an affect on the managed rules.