This section discusses Exceptions in WAF.

Exceptions allow for tuning a WAF Policy to work with an application. They are generated when the regular traffic of an application and the configured WAF rules match.

The following are a few reasons for creating Exceptions:

  1. Applications do not conform with the System-WAF-Policy.

  2. The application transmits data that resembles an attack to the WAF. For example, transferring HTML content in query parameters.

  3. The application has special requirements that are not allowed in the WAF Policy. For example, accessing the application using their direct IP address.

Recommended Assisted Workflow

The steps in mitigating a false positive are given below:

  1. Identify a potential false positive.

    Note:

    False positives can occur in large numbers for different client IP addresses.

  2. Eliminate the false positive by adding an Exception to the rule.

  3. Exceptions can be created either at a group or rule level. Exceptions are activated immediately after they are created.