Configuring Global Exclusions

There are three ways that you can exclude certain hosts from currently configured global Web Application Firewall settings. You can completely disable Web Application Firewall for certain hosts, you can lower the action level from Prevent to Detect for certain hosts, or you can set Web Application Firewall to take no action.

The affected hosts must match the host names used in your HTTP(S) bookmarks and Citrix bookmarks, and the Virtual Host Domain Name configured for an offloaded Web application.

To configure global exclusions

1. On the Web Application Firewall > Settings page, expand the General Settings section.
2. Click Global Exclusions.

3. In the Edit Global Exclusions page, the action you set overrides the signature group settings for the resources configured on these host pages. Select one of the following from the Action drop-down menu:

   • Disable – Disables Web Application Firewall inspection for the host.
   • Detect – Lowers the action level from prevention to only detection and logging for the host.
   • No Action – Web Application Firewall inspects host traffic but takes no action.
4. In the Host field, type in the host entry as it appears in the bookmark or offloaded application. This can be a host name or an IP address. Up to 32 characters are allowed. To determine the correct host entry for this exclusion,
5. You can configure a path to a particular folder or file along with the host. The protocol, port, and the request parameters are simply ignored in the URL. If a path is configured, then the exclusion is recursively applied to all subfolders and files. For instance, if Host is set to webmail.company.com/exchange, then all files and folders under exchange are also excluded.
6. Click + to move the host name into the list box.
7. Repeat the process to add more hosts to this exclusion.
8. When finished, click Accept.