Add a WAF exception in the dashboard
1. Go to the zone or account dashboard page
To add a WAF exception at the zone level:
- Log in to the Cloudflare dashboard, and select your account and domain.
- Go to Security > WAF > Managed rules.
- Select Add exception.
To add a WAF exception at the account level (Enterprise plans only):
- Log in to the Cloudflare dashboard, and select your account.
- Go to Account Home > WAF > Managed rulesets.
- Select Deploy > Deploy managed exception.
2. Define basic exception parameters
In Exception name, enter a name for the exception.
In When incoming requests match, specify a filter expression that defines the conditions for applying the WAF exception. When the expression matches, the WAF will evaluate the exception skipping one or more rules of WAF managed rulesets. The filter expression uses the Rules language.
3. Select the rules to skip
In Then, select the exception type that determines which rules to skip:
- Skip all remaining rules: Skips all remaining rules of WAF managed rulesets. If you select this option, proceed to 4. Create the exception.
- Skip specific rules from a Managed Ruleset: Skips one or more rules of a managed ruleset.
Select Select ruleset.
Next to the ruleset containing the rule(s) you wish to skip, select Select rules.
A) To skip one or more rules in the ruleset:
- Search for a rule using the available filters. You can search by description, rule ID, or tag. For example, in the Cloudflare OWASP Core Ruleset you can search for
920460
to find the rule920460: Abnormal character escapes in request
. - Select the checkbox next to the rule(s) you wish to skip.
- If required, search for other rules and select them. The dashboard keeps a list of the rules you selected between searches.
B) To skip all the rules in the ruleset:
Select all the rules in the current page by selecting the checkbox in the table header, near Description/Rule ID. The table header will display
10 rules selected (of <TOTAL> rules)
.Select Select all <TOTAL> rules in the table header to select all the rules across all pages.
- Search for a rule using the available filters. You can search by description, rule ID, or tag. For example, in the Cloudflare OWASP Core Ruleset you can search for
Select Next.
4. Create the exception
(Optional) To disable logging for requests matching the WAF exception, disable Log matching requests.
To save and deploy your exception, select Deploy. If you are not ready to deploy your exception, select Save as Draft.