WAF Managed ruleset log mode for subdomain only but not root domain

kleung · March 21, 2025, 12:41pm

Type

Product improvement

Description

Separate Managed ruleset with Log action for being launched subdomain

Benefit

When customer has full DNS setup for whole domain with multiple subdomains are proxied, customer cannot verify if application impact will be happened when enable proxy for subdomain (e.g. sub1.example.com). Neither change the default action of Managed Rulesets for global, nor edit scope to control subdomain only. Admin cannot keep example.com and other subdomain being protected (Block), while going to test sub1.example.com with Log action.The benefit of this request is to review which managed rules would be violated/ hit in Security Analytics or Security Events.

mcorreia · March 28, 2025, 12:15pm

Hi there,

You can either use the trace feature in your account (Account > “Trace”) to see what rules/features the request hits, or go to “Security” > “Events” and filter by hostname to see which firewall components hit in real-time:

Additionally, depending on your plan, you can also create a custom WAF rule with the action set simply as “Log”:

Take care.

system · March 30, 2025, 12:16pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
WAF managed rules on subdomains (Pro plan) Security	2	1394	April 15, 2023
Set subdomain to log for WAF? Security	1	480	November 18, 2023
WAF action by subdomain Website, Application, Performance	0	755	August 5, 2023
WAF rule block all log particular host Security	1	732	May 12, 2023
Bypass WAF for the specific sub-domain Getting Started	4	2751	November 2, 2021

WAF Managed ruleset log mode for subdomain only but not root domain

Type

Description

Benefit

Related topics