Exceptions
On the Firewall Profiles > Exceptions tab you can define web requests or source networks that are to be exempt from certain checks.
-
On the Exceptions tab, click New Exception List.
The Add Exception List dialog box opens.
-
Specify the following settings:
Name: Enter a descriptive name for the exception.
Skip these checks: Select the security check(s) that should be skipped. See Firewall Profiles for descriptions.
Skip these categories: Select the threat filter categories that should be skipped. See Firewall Profiles for descriptions.
Virtual Webservers: Select the virtual webservers that are to be exempt from the selected check(s).
For all requests: Select a request definition from the drop-down list. Note that you can logically combine two request definitions by either AND or OR.
Networks: Add or select the source networks where the client request comes from and which are to be exempt from the selected check(s). For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.
Paths: Add the paths that are to be exempt from the selected check(s). You can either enter a complete path (e.g., /products/machines/images/machine1.jpg) or use asterisks as wildcards (e.g., /products/*/images/*).
Comment (optional): Add a description or other information.
-
Optionally, make the following advanced settings:
Never change HTML during static URL hardening or form hardening: If selected, no data matching the defined exception settings will be modified by the WAF engine. With this option, e.g., binary data wrongly supplied with a text/html content type by the real webserver will not be corrupted. On the other hand, web requests may be blocked due to activated URL hardening, HTML rewriting, or form hardening. Those three features use an HTML parser and therefore to some extent depend on the modification of webpage content. To prevent undesired blocking, skip URL hardening and/or form hardening for requests affected by blocking; you might need to do this in another/new exception to reflect dependencies between webservers and/or webpages.
Accept unhardened form data: Even though having an exception for Form Hardening, it is possible that form data will not be accepted if the Form Hardening signature is missing. With this option unhardened form data will be accepted anyway.
-
Click Save.
The new exception appears on the Exceptions list.
-
Enable the exception.
The new exception is disabled by default (toggle switch is gray). Click the toggle switch to enable the exception.
The exception is now enabled (toggle switch is green).
To either edit or delete an exception, click the corresponding buttons.