This topic lists possible use cases for configuring custom rules.
WAF supports custom rules that can be added for any application-specific use case or for other custom requirements. Custom security rules are based on the ModSecurity language. For more information about the ModSecuity language, see OWASP ModSecurity Core Rule Set.
Custom rules can be configured and executed Pre-CRS and Post-CRS. For more information, see Pre-CRS Rules and Post-CRS Rules.