How to disable the WAF rule engine for a particular URI location.

It may be necessary to bypass the WAF for a particular URI location, either to prevent false positives or to gain better performance by decreasing the WAF processing load. The latter may be warranted if there are many requests to a location that does not require WAF protection. This improves the performance of the service by eliminating unneeded processing.

There are two ways to accomplish this:

1. Use SubVSs to handle both WAF and non-WAF requests.

    a.  Modify the Virtual Service and create two Sub-Virtual Services (SubVS).

    b.  Enable WAF on one SubVS and leave WAF disabled on the other.

    c.  Create a content rule to match the URI - /myscripts/script.php

         Rule Examples:

              -Rule Name = User defined
              -Rule Type = Content Matching
              -Match Type = RegEx
              -Header Field = leave this field blank
              -Match String = /^\/myscripts\/script\.php$/
              -Ignore Case = checked

    d.  Enable Content Switching on the parent VS under Advanced Properties

    e.  Apply the rule to the WAF disabled subVS.

    f.  Apply the “default” rule to the WAF enabled subVS.

 2. Create a custom rule that will switch off the WAF engine for the specified URI

         Example:

         Location = /myscripts/script.php

           # Switch the rule engine off for requests to this exact path only.
           SecRule REQUEST_FILENAME "^/myscripts/script\.php$" \
               "phase:1,t:none,nolog,allow,ctl:ruleEngine=Off"

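Added example (not part of the original article or the vendor's code): a short Python check of which request paths each of the two patterns above exempts from WAF inspection, so the exclusion can be confirmed to cover only the intended URI. It assumes Python's re module treats these simple patterns the same way the WAF's regex engine does and that both methods match against the path without the query string; the unanchored pattern and the sample paths are constructed for comparison.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the article.
CONTENT_RULE = re.compile(r"^\/myscripts\/script\.php$", re.IGNORECASE)  # method 1, Ignore Case checked
SECRULE = re.compile(r"^/myscripts/script\.php$")                         # method 2, case-sensitive
# Hypothetical weak variant with the anchors dropped, for comparison only.
UNANCHORED = re.compile(r"/myscripts/script\.php")

# Constructed sample request targets (not taken from any real log).
SAMPLES = [
    "/myscripts/script.php",
    "/myscripts/script.php?id=7",
    "/MyScripts/Script.PHP",
    "/myscripts/script.php/extra",
    "/myscripts/script.phpx",
    "/app/myscripts/script.php",
    "/myscripts/other.php",
]

def request_path(target):
    """Return the path without the query string (assumed match target)."""
    return urlsplit(target).path

def waf_skipped(target):
    """Map each pattern name to True when the request would skip the WAF."""
    path = request_path(target)
    return {
        "content_rule": bool(CONTENT_RULE.search(path)),
        "secrule": bool(SECRULE.search(path)),
        "unanchored": bool(UNANCHORED.search(path)),
    }

def audit(samples=SAMPLES):
    """Return (targets where the two methods disagree,
    targets that only the unanchored variant would exempt)."""
    differ, too_broad = [], []
    for t in samples:
        r = waf_skipped(t)
        if r["content_rule"] != r["secrule"]:
            differ.append(t)
        if r["unanchored"] and not r["content_rule"]:
            too_broad.append(t)
    return differ, too_broad

if __name__ == "__main__":
    for t in SAMPLES:
        print(f"{t:32} {waf_skipped(t)}")
    print(audit())
```

The first list returned by audit() shows where the case-insensitive content rule and the case-sensitive SecRule exempt different requests; the second shows paths that stay under WAF inspection only because the pattern is anchored with ^ and $.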