AnsweredAssumed Answered

Better WAF exclusions?

Question asked by Nick Le Mouton Champion on Jul 16, 2015
Latest reply on Jul 19, 2015 by Nick Le Mouton

Is there better WAF rule exclusions on the roadmap for Kona? I'm hoping they're coming soon, the current exclusion rules are very basic. I'm trying to exclude a specific query parameter for a url at the moment, but it seems I can't do that. The query parameter is "p" which I can exclude from a rule, but it excludes it everywhere, not just for a specific url. I don't know whether the query parameter "p" is vulnerable in other places, so doing a global exclude could be dangerous.

 

It would be great to see some proper boolean matches, i.e. (url = /test.html AND query param = q) OR (query param = g)... It would be much safer and more powerful.

Outcomes