Forum Discussion

CyberSec's avatar
CyberSec
Copper Contributor
Aug 25, 2022

Priority of WAF rule

Hi camilamartins  tobiotolorin,

 

Thank you for your excellent work in the WAF blog and sessions. I have questions regarding custom rules, 

 

In Prevention mode, I know if a request matches the custom rules, then it does not check for Managed rules. Is it the same behaviour for the Detention Mode as well? or does it match the custom rule, But still check for other rules?

 

Appreciate your inputs!

2 Replies

  • Hello CyberSec
    At this time, the request will further be processed by the Managed rules, after the custom rules is completed. However, the new WAF engine in detection mode is being updated to behave like prevention mode, hence no further inspection by managed rules. The release date is tentative at this time
    • CyberSec's avatar
      CyberSec
      Copper Contributor

      Hi tobiotolorin ,

       

      Thank you for the response. I see the behaviour already in the 3.2 engine compared to 3.0.

      Can you please confirm it is already been implemented?

       

      Secondly, Is there a feature in the roadmap to assist WAF in tuning for false positives? I'm using Workbook, But it is time-consuming as there is a lot of application.

       

      It would be nice to have some things like a WAF tuner tool (That can be used to add exceptions to the WAF policy )

Resources