One of the most time-consuming parts of setting up WAF-as-a-Service (or any WAF) is tuning it to eliminate false positives. While you want to catch all attacks, you also don’t want to interfere with legitimate users of your application.

One of the most common situations arises when you encounter a false positive, and are trying to fix it. Until today, you would have had to find the Firewall Log in question, understand the reason the request was blocked, and find the configuration setting to tweak to fix it.

Starting today, some attacks in the Firewall Logs will have a “Mark as False Positive” button:

It does exactly what it says: automatically tweaks your configuration so that particular type of request isn’t blocked again in the future. In many cases, you will be given multiple ways you can choose to update your configuration - all of them will work, but some may be more desirable to you than others. If in douby, choose the “recommended” option.

While not all attacks currently support Mark as False Positive, the list will be growing over time.