Working with signal exclusion rules
Last updated 2024-08-28
A signal exclusion rule prevents requests with a particular pattern from being tagged with a specific system signal. You can use signal exclusion rules to help avoid false positives. For example, you may want to prevent requests that are from internal IP addresses and that failed to access an admin page from being tagged with the FORCEFULBROWSING
signal.
Limitations and considerations
When working with signal exclusion rules, keep the following in mind:
- Signal exclusion rules are limited to 1000 at the corp-level (also known as account-level) plus 1000 at the site-level (also known as workspace-level) and count against the total number of request rule limits for corps (accounts) and sites (workspaces).
- The Essentials platform does not include corp-level (account-level) signal exclusion rules.
Working with corp-level (account-level) signal exclusion rules
Corp-level (account-level) signal exclusion rules apply to one or more sites (workspaces) within your corp (account). You can manage your corp-level (account-level) rules from the Corp Rules page.
Viewing corp-level (account-level) signal exclusion rules
To view a corp-level (account-level) signal exclusion rule, follow these steps:
- Log in to the Next-Gen WAF control panel.
- From the Corp Rules menu, select Corp Rules.
- Click Edit to the right of the rule that you want to view. The View page appears.
Creating corp-level (account-level) signal exclusion rules
To create a corp-level (account-level) signal exclusion rule, follow these steps:
- Log in to the Next-Gen WAF control panel.
From the Corp Rules menu, select Corp Rules.
Click Add corp rule.
In the Type section, select Signal exclusion.
From the Signal menu, select the signal that you want to prevent from being assigned to requests that meet specific conditions.
Fill out the fields in the Conditions section as follows:
- From the Field menu, select the request field that the condition is based on.
- In the Value field, enter a value for the specified field.
- From the Operator menu, select an operator to specify how the selected field and value relate.
- (Optional) Click Add condition to add another condition, or click Add group to create a group of conditions.
- Select All to specify that a request must meet every condition to be excluded or Any to specify that a request must meet only one condition to be excluded.
Fill out the fields in the Details section as follows:
- Leave the Status switch enabled.
- In the Description field, enter a description of the rule.
- From the Scope menu, leave Global selected for the rule to apply to all your sites. If you want the rule to apply to specific sites, select Specific sites and then select the sites the rule should apply to.
Click Create corp rule. The rule is created, and the Corp Rules page appears.
Editing corp-level (account-level) signal exclusion rules
To edit a corp-level (account-level) signal exclusion rule, follow these steps:
- Log in to the Next-Gen WAF control panel.
From the Corp Rules menu, select Corp Rules.
Click Edit to the right of the rule that you want to delete.
From the Signal menu, select the signal that you want to prevent from being assigned to requests that meet specific conditions.
Fill out the fields in the Conditions section as follows:
- From the Field menu, select the request field that the condition is based on.
- In the Value field, enter a value for the specified field.
- From the Operator menu, select an operator to specify how the selected field and value relate.
- (Optional) Click Add condition to add another condition, or click Add group to create a group of conditions.
- Select All to specify that a request must meet every condition to be excluded or Any to specify that a request must meet only one condition to be excluded.
Fill out the fields in the Details section as follows:
- Leave the Status switch enabled.
- In the Description field, enter a description of the rule.
- From the Scope menu, leave Global selected for the rule to apply to all your sites. If you want the rule to apply to specific sites, select Specific sites and then select the sites the rule should apply to.
Click Update corp rule. The rule is updated, and the Corp Rules page appears.
Deleting corp-level (account-level) signal exclusion rules
To delete a corp-level (account-level) signal exclusion rule, follow these steps:
- Log in to the Next-Gen WAF control panel.
- From the Corp Rules menu, select Corp Rules.
- Click Edit to the right of the rule that you want to delete.
- Click Remove corp rule and then Delete corp rule. The rule is deleted, and the Corp Rules page appears.
Working with site-level (workspace-level) signal exclusion rules
Site-level (workspace-level) signal exclusion rules apply to only one site (workspace). You can manage your site-level (workspace-level) rules from the Site Rules page.
Viewing site-level (workspace-level) signal exclusion rules
To view a site-level (workspace-level) signal exclusion rule, follow these steps:
- Next-Gen WAF control panel
- Fastly control panel
- Log in to the Next-Gen WAF control panel.
- From the Sites menu, select a site if you have more than one site.
- From the Rules menu, select Site Rules.
- Click Edit to the right of the rule that you want to view. The View page appears.
Creating site-level (workspace-level) signal exclusion rules
To create a site-level (workspace-level) signal exclusion rule, follow these steps:
- Next-Gen WAF control panel
- Fastly control panel
- Log in to the Next-Gen WAF control panel.
- From the Sites menu, select a site if you have more than one site.
From the Rules menu, select Site Rules.
Click Add site rule.
In the Type section, select Signal exclusion.
From the Signal menu, select the signal that you want to prevent from being assigned to requests that meet specific conditions.
Fill out the fields in the Conditions section as follows:
- From the Field menu, select the request field that the condition is based on.
- In the Value field, enter a value for the specified field.
- From the Operator menu, select an operator to specify how the selected field and value relate.
- (Optional) Click Add condition to add another condition, or click Add group to create a group of conditions.
- Leave All selected to specify that a request must meet every condition to be excluded or select Any to specify that a request must meet only one condition to be excluded.
Fill out the fields in the Details section as follows:
- Leave the Status switch enabled.
- In the Description field, enter a description of the rule.
Click Create site rule. The rule is created, and the Site Rules page appears.
Editing site-level (workspace-level) signal exclusion rules
To edit a site-level (workspace-level) signal exclusion rule, follow these steps:
- Next-Gen WAF control panel
- Fastly control panel
- Log in to the Next-Gen WAF control panel.
- From the Sites menu, select a site if you have more than one site.
From the Rules menu, select Site Rules.
Click Edit to the right of the rule that you want to modify.
From the Signal menu, select the signal that you want to prevent from being assigned to requests that meet specific conditions.
Fill out the fields in the Conditions section as follows:
- From the Field menu, select the request field that the condition is based on.
- In the Value field, enter a value for the specified field.
- From the Operator menu, select an operator to specify how the selected field and value relate.
- (Optional) Click Add condition to add another condition, or click Add group to create a group of conditions.
- Select All to specify that a request must meet every condition to be excluded or Any to specify that a request must meet only one condition to be excluded.
Fill out the fields in the Details section as follows:
- Leave the Status switch enabled.
- In the Description field, enter a description of the rule.
Click Update site rule. The rule is updated, and the Site Rules page appears.
Deleting site-level (workspace-level) signal exclusion rules
To delete a site-level (workspace-level) signal exclusion rule, follow these steps:
- Next-Gen WAF control panel
- Fastly control panel
- Log in to the Next-Gen WAF control panel.
- From the Sites menu, select a site if you have more than one site.
- From the Rules menu, select Site Rules.
- Click Edit to the right of the rule that you want to delete.
- Click Remove site rule and then Delete site rule. The rule is deleted, and the Site Rules page appears.
Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.