The Allowlist functionality allows the definition of match conditions for requests that will perform associated actions.


Bypassing WAF when there is a match :

  • The request comes from a specific IP range.


  • The request matches the URL pattern specified using the HTTP Method match type.

Use cases

  • Allow access from the internal network.

  • A security scanner that scans the application directly bypassing WAF protection.

  • Do not check special parts of the URL space, for example “/upload/*”.

  • Run parts of the application in Detection mode.