Follow

How To Allowlist URLs or URIs so that the WAF policy does not trigger a violation

Description

The process of allowing (formerly known as whitelisting) URLs or URIs to avoid/bypass WAF policy inspection for an application proxy

  • Exclude URL or URI from the WAF policy inspection process
  • Avoid triggering WAF violation(s) on an URL or URI 

 

Environment

  • Silverline Proxy
  • Silverline DDoS
  • Proxy/Proxies
  • WAF Policy/Policies

 

Procedure

    1. In the portal go to: Config / Proxy Configuration / Proxy Management / Live Configuration
    2. Select and click in the proxy to open the proxy configuration.
    3. Once in the proxy configuration, go to Services and select the service.
    4. Go to Security Policies.
    5. Under Profile Setting click in the Add button, you will see a new profile configuration:mceclip0.png
    6. In the new profile add the URL or URI.
      • mceclip0.png
      • Note: URI field uses "start_with" operator, this means that URL or URI will match any other character in the URL or URI after the string value. Ex: /Path2, /Path3
    7. Once you finish, you will see two profiles
      • You can drag the URI configuration up and down to re-arrange the order
      • mceclip2.png
      • Please Note:
        Drag specific URLs to the top and generic URLs to the bottom
        as the matching will be based on "starts_with" operator

        For example, a proxy is configured with
        1. /helloworld/images/
        2. /helloworld/images/jpg
        3. /helloworld/login
        4. *

        * If URL comes in as "/helloworld/images/jpg/image001.jpg"
        URL will match the first configuration "/helloworld/images/" due to the "starts_with" operator
    8. Click on Save and Deploy button.
    9. The WAF will no longer trigger violations on this specified URI with the WAF Policy set to "None".

 

Related Content

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request