Forum Discussion
So isn't there any overview, which violation types (currently we are only talking about Attack Signatures and RFC violations) can be disabled on a specific entity instead of disabling it globally for the whole policy? I mean for headers for example there is a option to disable "Evasion Techniques Violations". Or Attack Signatures can be disabled just for a specific parameter. Is something similar possible on URL-level as well?
The problem I have is that the application code contains valid requests, which trigger specific violations. And although some of them are also not RFC compliant and I assume changing this directly in the application is not possible, I was wondering (to minimize security risk) if it's possible to exclude these specific violations just for affected requests (e.g. URL).
Ciao Stefan :)