This section describes how to create Exceptions for WAF policies.

To create Exceptions:

Procedure

  1. From the Avi Load Balancer UI, navigate to Applications > Virtual Services.
  2. Click the Virtual Service mapped to the WAF Policy and navigate to Logs.
  3. Filter the WAF log analytics. You can analyze the WAF logs based on parameters like the client IP, URI, the type of request, and so on.
  4. WAF Hits displays all the rules that were matched.
  5. Click +Add Group Exceptions or +Add Rule Exception to create an Exception that remediates a false positive.
  6. Save the Exception.

    Alternatively, Exceptions can be manually defined for a group or a rule within the WAF Policy. This can be done at the Pre-CRS, CRS, or Post-CRS levels.

    In the following example, HTML is passed in a request parameter, and the XSS rules match it.

    | Request | Match Element | False Positive Reason |
    | --- | --- | --- |
    | `POST /foo/bar_form.php HTTP/1.1`<br>`Host: boofar.com`<br><br>`name1=value1&name2=value2&img=<img+src='/images/foo.png'>` | `ARGS:img` | XSS rules match "<img... |
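The effect of scoping an Exception to one match element on one path, using the request from the example above. This is an added illustration, not Avi Load Balancer code or configuration: the XSS pattern is a simplified stand-in for the real rules, and the exception record layout and all function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Simplified stand-in for an XSS rule (assumption; the real CRS rules are far broader).
XSS_PATTERN = re.compile(r"<\s*(img|script|iframe|svg)\b", re.IGNORECASE)

# Hypothetical exception record: skip only ARGS:img, and only on this path.
EXCEPTIONS = [{"path": "/foo/bar_form.php", "match_element": "ARGS:img"}]

# Sample request constructed from the example on this page.
RAW_REQUEST = (
    "POST /foo/bar_form.php HTTP/1.1\r\n"
    "Host: boofar.com\r\n"
    "\r\n"
    "name1=value1&name2=value2&img=<img+src='/images/foo.png'>"
)


def parse_request(raw):
    """Return (path, [(match_element, value), ...]) for a form-encoded request."""
    head, _, body = raw.partition("\r\n\r\n")
    target = head.split("\r\n")[0].split(" ")[1]
    url = urlsplit(target)
    pairs = parse_qsl(url.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return url.path, [("ARGS:" + name, value) for name, value in pairs]


def is_excepted(path, element, exceptions):
    """True only when both the path and the match element are covered."""
    return any(e["path"] == path and e["match_element"] == element
               for e in exceptions)


def waf_hits(raw, exceptions=()):
    """List the match elements the XSS stand-in flags after exceptions apply."""
    path, elements = parse_request(raw)
    return [element for element, value in elements
            if XSS_PATTERN.search(value)
            and not is_excepted(path, element, exceptions)]
```

With the exception in place the page's request passes, while the same markup in another parameter or on another path is still reported.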