Skip to content
WAF
Visit WAF on GitHub
Set theme to dark (⇧+D)

Define WAF exceptions via API

To define a WAF exception via API, create a rule with skip action in a phase entry point ruleset of the http_request_firewall_managed phase. You can define WAF exceptions at the account level and at the zone level.

To configure the WAF exception, define the action_parameters object according to the exception type.

Refer to Add rules to phase entry point rulesets for more information on adding rules using the Rulesets API.

Skip all remaining rules

To skip all the remaining rules in the entry point ruleset, create a rule with skip action and include "ruleset": "current" in the action_parameters object.

Example of rule definition:

{
"expression": "<RULE_EXPRESSION>",
"action": "skip",
"action_parameters": {
"ruleset": "current"
}
}

Skipping all remaining rules only affects the rules in the current context (account or zone). For example, adding a rule with skip action to the account-level phase entry point ruleset has no impact on the rules defined in the zone-level phase entry point ruleset — these zone-level rules will still be evaluated.

Skip one or more WAF Managed Rulesets

To skip one or more WAF Managed Rulesets, create a rule with skip action containing a rulesets field in the action_parameters object. The rulesets field must contain a list of WAF Managed Ruleset IDs you wish to skip.

Example of rule definition:

{
"expression": "<RULE_EXPRESSION>",
"action": "skip",
"action_parameters": {
"rulesets": [
"{waf-managed-ruleset-id-1}",
"{waf-managed-ruleset-id-2}"
]
}
}

The Managed Rulesets to skip must belong to the http_request_firewall_managed phase.

Skip one or more rules of WAF Managed Rulesets

To skip one or more rules of WAF Managed Rulesets, create a rule with skip action containing a rules object in the action_parameters object. The rules object must contain one or more Managed Ruleset IDs as keys, and a list of rules to skip in those Managed Rulesets as the value of each key.

The following example defines a rule with skip action that will skip rules A and B of WAF Managed Ruleset 1, and rule X of WAF Managed Ruleset 2:

{
"expression": "<RULE_EXPRESSION>",
"action": "skip",
"action_parameters": {
"rules": {
"{waf-managed-ruleset-id-1}": ["{rule-id-A}", "{rule-id-B}"],
"{waf-managed-ruleset-id-2}": ["{rule-id-X}"]
}
}
}

The rules in the rules object must belong to the specified WAF Managed Rulesets, otherwise you will get an error.