Forum Discussion
CyberSec
Aug 25, 2022Copper Contributor
Priority of WAF rule
Hi camilamartins tobiotolorin, Thank you for your excellent work in the WAF blog and sessions. I have questions regarding custom rules, In Prevention mode, I know if a request matches the c...
tobiotolorin
Microsoft
Aug 30, 2022Hello CyberSec
At this time, the request will further be processed by the Managed rules, after the custom rules is completed. However, the new WAF engine in detection mode is being updated to behave like prevention mode, hence no further inspection by managed rules. The release date is tentative at this time
At this time, the request will further be processed by the Managed rules, after the custom rules is completed. However, the new WAF engine in detection mode is being updated to behave like prevention mode, hence no further inspection by managed rules. The release date is tentative at this time
- CyberSecAug 31, 2022Copper Contributor
Hi tobiotolorin ,
Thank you for the response. I see the behaviour already in the 3.2 engine compared to 3.0.
Can you please confirm it is already been implemented?
Secondly, Is there a feature in the roadmap to assist WAF in tuning for false positives? I'm using Workbook, But it is time-consuming as there is a lot of application.
It would be nice to have some things like a WAF tuner tool (That can be used to add exceptions to the WAF policy )