What Happened?
This article explains how a request is matched against the WAF Exclusion Rule list when the list contains multiple rules, and the order in which the rules are evaluated.
Environment
- Distributed Cloud (SaaS)
- F5® Distributed Cloud Load Balancer
Resolution/Answer
A WAF exclusion rule has two sections: a match part and an action part. Domain, Path, and Methods belong to the match part; Signature ID, Violations, and Attack Types belong to the action part.
When a request reaches the WAF, the match part is checked first. If the first rule in the list matches the request, the request goes to that rule and is not checked against the remaining rules. Once the request has gone to a specific rule, the WAF checks it against that rule's action part; if it matches the action part, the WAF allows the request.
So if the first rule in your list is like the one below, every request will match it and go to this rule, and the remaining rules won't be checked.
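
The first-match behaviour described above, modelled in Python as an added example (this is not F5 code and not the rule shown in the original article). The field names, the prefix-style path match, the domain, and the signature IDs are all constructed assumptions, and only Signature ID is modelled in the action part. `shadowed_rules` flags rules that can never be selected because an earlier rule already matches everything they match.

```python
# Added illustration of first-match evaluation; not the F5 implementation.
# Field names, path-prefix matching and all sample values are constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass
class ExclusionRule:
    name: str
    domain: Optional[str] = None          # match part (None = any domain)
    path_prefix: Optional[str] = None     # match part (None = any path)
    methods: Optional[frozenset] = None   # match part (None = any method)
    signature_ids: frozenset = frozenset()  # action part

    def matches(self, domain, path, method):
        return ((self.domain is None or self.domain == domain)
                and (self.path_prefix is None or path.startswith(self.path_prefix))
                and (self.methods is None or method in self.methods))

    def covers(self, other):
        """True if every request matching `other` also matches this rule."""
        return ((self.domain is None or self.domain == other.domain)
                and (self.path_prefix is None or (other.path_prefix is not None
                     and other.path_prefix.startswith(self.path_prefix)))
                and (self.methods is None or (other.methods is not None
                     and other.methods <= self.methods)))

def evaluate(rules, domain, path, method, signature_id):
    """Return (name of the selected rule or None, True if the detection is excluded)."""
    for rule in rules:
        if rule.matches(domain, path, method):
            # First match wins: the remaining rules are never consulted.
            return rule.name, signature_id in rule.signature_ids
    return None, False

def shadowed_rules(rules):
    """Return (shadowed, shadowing) name pairs for rules that can never be selected."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample rules: a match-everything rule and a narrow login rule.
catch_all = ExclusionRule("catch-all", signature_ids=frozenset({200000001}))
login = ExclusionRule("login", "app.example.com", "/login",
                      frozenset({"POST"}), frozenset({200000002}))
BAD_ORDER = [catch_all, login]   # login rule is unreachable
GOOD_ORDER = [login, catch_all]  # specific rule first, broad rule last
```

With `BAD_ORDER`, a POST to `/login` that triggers signature 200000002 is handled by `catch-all`, whose action part does not list that signature, so the intended exclusion never applies.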