Fine-tuning WAF
Case: 9007
Problem Statement
The client requires to finetune WAF to eliminate any false-positives for the Web Application.
Solution
- Go to FP Finder page to view the signatures that were triggered during the specified time range.
- Analyse the affected URLs and Impacting Payload with respective to a rule Id triggered.
- The Incident details can be viewed by clicking on the respective event Id. A pop-up window provides the details of the request which was blocked by the rule.
- After verifying if the incident or the rule triggered was a false-positive, we can eliminate this false positive by clicking on gear icon in the Impact payload as below to fine-tune the WAF.
