OWASP configuration per URL/host

Is it possible to configure the OWASP ruleset settings (action and paranoia level) according to hostname, URL etc? I would like to test a higher paranoia level on certain hostnames, or just log on certain hosts or URLs for testing rather than blocking.

I see it is possible to exclude from the ruleset entirely based on a filter, but I don’t see a way to set the action or level based on a filter.

Hmm it looks like this will need Subdomain Support which is available on Enterprise plan only.

I’m afraid you can only exclude the rule from acting on a URL, but not specify a different setting.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.