Sometimes, requests are blocked by deny rules due to content resembling attacks but may be valid for a web application. These blocks are called false positives. If you have verified that the web application is working correctly and a blocked request is a false positive, you have several options:
- Dealing with false positives:
- Add an exception for the blocking deny rule group (or more specifically to the blocking deny rule) by clicking the "Add" button on the right side.
- Use policy learning to generate meaningful exception suggestions from observed blocks.
- Choose a lower security level for the corresponding deny rule group on the affected mapping (e.g., go back from level strict to standard).
- In case the block pertains to a single rule, the rule can be set to log-only specifically or even disabled if the security level is set to custom.
- Change the web application if possible.
Deny rules allow the definition of fine-grained exceptions for all attributes. For more details please refer to the deny rule exceptions page.