Requests keep blocking with WAF Rule (Skip)


I use a service that need to get my product feed daily. I’ve created a rule to allow this kind of requests but they cannot get the feed from my site.

Please check the images bellow:

Request on logs:

My custom rule:

Any thoughts?

I’d suggest you to:

  1. Change the WAF Rule and make sure it’s OR not AND, also the URI Path switch to “contains” rather than “equals” (the ending slash / could also affect if it works or not).
  2. Under the “Skip” action I’d select multiple security products (including Managed Rules - despite a bit of risk if some DDoS or scrapper bot comes to this)
  3. Allow the IP address which can be seen from the screenshot under the WAF → Tools → IP Access Rules with the action “allow” for your Website
  4. Test again


i’ve tried all those but it doesn’t work, why?
Seems like bot protection has priority over this WAF Rule somehow…

Requester sent me IPs to allowlist, I can do so, but for that I would like to ask if there’s a way to group allowlisted IPs in order not to loose control over the list.

Any feature that allow me to group them?

Thank you