Deny rule configuration

Sometimes, requests are blocked by deny rules due to content resembling attacks but may be valid for a web application. These blocks are called false positives. If you have verified that the web application is working correctly and a blocked request is a false positive, you have several options:

  • Dealing with false positives:
  • Add an exception for the blocking deny rule group (or more specifically to the blocking deny rule) by clicking the "Add" button on the right side.
  • Use policy learning to generate meaningful exception suggestions from observed blocks.
  • Choose a lower security level for the corresponding deny rule group on the affected mapping (e.g., go back from level strict to standard).
  • In case the block pertains to a single rule, the rule can be set to log-only specifically or even disabled if the security level is set to custom.
  • Change the web application if possible.

Deny rules allow the definition of fine-grained exceptions for all attributes. For more details please refer to the deny rule exceptions page.