Trusted IP address and IP address exceptions

A trusted IP address is one you specify as a safe source of HTTP requests. If you need to build a security policy quickly, you can classify a client IP as "trusted IP address" and then run only legitimate traffic from that IP. Advanced WAF (ASM) will treat all requests from a trusted IP address as legitimate and will use that traffic to build the policy. The key is to use legitimate traffic--don't trigger violations from a trusted IP Address because then Advanced WAF will accept potentially malicious traffic as safe. "Exceptions" simply refer to all the other security settings you can apply to a specific IP. For example, you may elect to "never block traffic from this IP" if the IP address is from a pentesting tool.