You can configure whitelist rules to allow requests that have the same characteristics based on your business scenarios. You can configure to skip all rules or specific protection rules for these requests. For example, you can configure to skip custom rules, rate limiting rules, managed rules, scan protection rules, and bot management rules.
Create a whitelist rule
Log on to the ESA console.
In the left-side navigation pane, click Websites.
On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.
In the left-side navigation tree, choose Security > WAF. On the page that appears, click the Whitelist Rules tab.
On the Whitelist Rules tab, click Create Rule.
Specify Rule Name.
Specify the conditions for matching incoming requests in the If requests match... section. For more information, see WAF.
Specify the rules that you want to skip in the Then skip... section.
All Rules: All Web Application Firewall (WAF) and bot management rules are skipped.
Certain Rules: You can select specific rules that you want to skip. If you select Managed Rules from the drop-down list, you can specify the type such as SQL injection or ID of the rule that you want to skip. For more information, see Rule groups.
Click OK.
Feature availability
Feature | Basic | Standard | Advanced | Enterprise |
Whitelist rules | 2 | 3 | 5 | 10 |