Exception policies are supplements or restrictions to configured basic or advanced protection policies. On the Exception Policy page, you can create, edit, delete, and duplicate exception policies. You can also create and edit exception policies on the Website Protection page.
Choose Security Management > Policy Management > Exception Policy, click Create in the upper-right corner, configure basic information as required and click OK.
Parameters for creating an exception policy
|Name||Name of the new policy.|
|Description||Brief description of the new policy.|
|Policy Type||Type of the target policy.|
|Policy Instance||Target policy instance.|
|Rule||Target rule instance. |
(1) If no rule set exists under the protection policy, the system displays “No rule”. In this case, WAF adds the selected policy instance to the exception policy.
(2) If a rule set exists under the policy:
If no rule is selected, WAF also adds the selected policy instance to the exception policy.
If a rule is selected, WAF adds only this rule to the exception policy.
|Exception Source IPs||Specifies source IP addresses to which the new policy applies. You can enter a single IP address (such as 10.66.9.1) or an IP address range (such as 192.168.1.1-192.168.1.255). Leaving it empty means that the new policy applies to all IP addresses.|
|Exception URLs||Specifies URLs to which the new policy applies. Each URL takes up one line, in the format of [$]domain name[:port]/path/file. A URL starting with $ indicates matching based on regular expression. A URL not starting with $ indicates exact match. |
Leaving it empty means that the new policy applies to all URLs.
Enable exception policies for protected website groups:
Choose Security Management > Website Protection > Website Group > Exception Control, choose Exception Policy and click OK.