Airlock Gateway 's allow definition of fine-grained exceptions for all request attributes. Deny rule exceptions can be defined for individual rules or for entire deny rule groups. Defining an exception for a group has the same effect as defining the exception for each rule of the group individually.
For exceptions to take effect, the following conditions must hold:
- The deny rule for which an exception is defined must block a request.
- Any of the relevant exceptions must match. Multiple exceptions are linked with a logical OR operation.
- For an individual exception to match, all exception attributes must be matched. Attributes within an exception are linked with a logical AND operation.
Be as specific as possible when defining exceptions. For instance, adding an exception for content type "application/pdf" may allow bypassing a deny rule simply by adding a header to requests! Whether or not the content is actually interpreted as a PDF file depends on the application and cannot be controlled by Airlock Gateway .