What is the difference between WAF Custom Rules and Page Rules?

What is the issue you’re encountering

I am using WAF custom rules to skip various components. Specifically I’m matching on URI Path if it contains ‘/path/to/page’. I had originally set up Page Rules for this. I don’t understand what the difference is and which one I should be using.

My end goal is to prevent users from getting challenged on a web page that is only accessible after the user is authenticated. So, there is no risk of an attacker flooding that page thus I want to exclude it.

Page Rules are “old”. WAF custom rules are “new”. The plan has been for Page Rules to be deprecated and removed once the new Rules can do everything the old ones can do and more. This has taken some time, and so for now, both exist.

If WAF rules can do what you want, it’s probably best to stick to those going forward.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.