Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

How to disable the WAF rule engine for a particular URI location

It may be necessary to bypass WAF for a particular URI location; to prevent false positives; or to gain better performance by decreasing WAF processing load. The latter may be warranted if there are many requests to a location which does not require WAF protection. This improves the performance of the service by eliminating unneeded processing.

There are two ways to accomplish this:

1. Use Sub-Vitual Services (SubVS) which handle both WAF and non-WAF requests.

    a.  Modify the Virtual Service and create two SubVS's.

    b.  Enable WAF on one SubVS and leave WAF disabled on the other.

    c.  Create a Content Rule to match the URI - "/myscripts/script.php". See the example in the image below. As we are matching on the URI, remember to leave the Header Field blank.

    User_defined_WAF.png

    d.  Enable Content Switching on the parent VS under Advanced Properties.

    e.  Apply the rule to the WAF disabled SubVS.

    f.   Apply the “default” rule to the WAF enabled SubVS.

 2. Create a WAF custom rule that will disable the WAF engine for the specified URI

         Example:

         Location = /myscripts/script.php

           SecRule REQUEST_FILENAME "^/myscripts/script\.php$"

           "phase:1,t:none,nolog,allow,ctl:ruleEngine=3DOff"

 


Comments