Forum Discussion
Priority of WAF rule
Hi camilamartins tobiotolorin,
Thank you for your excellent work in the WAF blog and sessions. I have questions regarding custom rules,
In Prevention mode, I know if a request matches the custom rules, then it does not check for Managed rules. Is it the same behaviour for the Detention Mode as well? or does it match the custom rule, But still check for other rules?
Appreciate your inputs!
2 Replies
- tobiotolorin
Microsoft
Hello CyberSec
At this time, the request will further be processed by the Managed rules, after the custom rules is completed. However, the new WAF engine in detection mode is being updated to behave like prevention mode, hence no further inspection by managed rules. The release date is tentative at this timeHi tobiotolorin ,
Thank you for the response. I see the behaviour already in the 3.2 engine compared to 3.0.
Can you please confirm it is already been implemented?
Secondly, Is there a feature in the roadmap to assist WAF in tuning for false positives? I'm using Workbook, But it is time-consuming as there is a lot of application.
It would be nice to have some things like a WAF tuner tool (That can be used to add exceptions to the WAF policy )
