Sometimes the In-App WAF flags attacks in requests that are actually harmless. That's because pattern-based detection only looks at what the request looks like. By design, some applications can have many of these false positives.
To give you better control over what's being detected, we've extended the In-App WAF passlist so it can ignore some parameters or paths.
- Parameters: you can now tell the In-App WAF to ignore some parameters. This is useful for fields where the user input contains SQL queries or searches.
- Paths: the In-App WAF can also ignore paths matching a prefix, a regex or an exact value.
You'll find these settings under Settings > Passlist, or directly from the Security Activity.
If you have any feedback, let us know by email at email@example.com.