You can configure whitelist rules to allow requests with the specified characteristics, exempting them from all or certain rules, including custom rules, rate limiting rules, managed rules, scan protection rules, and bot management rules.
Create a whitelist rule
Log on to the ESA console.
In the left-side navigation pane, click Websites.
On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.
In the left-side navigation tree, choose Security > WAF. On the page that appears, click the Whitelist Rules tab.
On the Whitelist Rules tab, click Create Rule.
On the page that appears, specify Rule Name.
Specify the conditions for matching incoming requests in the If requests match... section. For more information, see WAF.
Specify the rules that you want to skip in the Then skip... section.
All Rules: All Web Application Firewall (WAF) and bot management rules are skipped.
Certain Rules: You can select specific rules that you want to skip. If you select Managed Rules from the drop-down list, you can specify the type such as SQL injection or ID of the rule that you want to skip.
Click OK.
Feature availability
Feature | Entrance | Pro | Premium | Enterprise |
Whitelist rules | 2 | 3 | 5 | 10 |