Exclude some valid URIs from AWS WAF and analyze WAF results
We have subscribed to F5 Rules for AWS WAF - Web exploits OWASP Rules and applied these rules to our production in COUNT mode.
After a while, we checked the logs for the requests and saw that WAF also counts valid requests from our applications.
We want to see the reason why these requests were counted and fix them accordingly so they would pass WAF when we turn WAF to BLOCK mode. How can we move on with this approach?
Plus, is it possible to exclude some specific URIs that we know are valid to bypass WAF?