DiscussionSLA
Sign inSign up

In rule-based systems, which takes precedence: a deny rule or a allow rule?

Published 22 days ago

# SafeLine WAF

Published 22 days ago

profile_photo

gun young

Updated 15 days ago

4

Answer: The allow rule has the highest priority among all rules.

If a request matches a allow rule, it will bypass all other security checks—even if it is flagged as malicious by the WAF—and proceed directly to your server.
Therefore, when configuring allow rules, we strongly recommend:
​Use allow rule with extreme caution.
Enable the ​"Continue to detect and log attack requests even when whitelisting." option.
This ensures that if attackers exploit your allow rule to infiltrate your website, you can immediately review attack details in ​Attack > Logs and take remedial action.

image.png

Related Posts
#
Is there a way to self host challenge.js?
#
Can we Limit Requests based on Request Body, not Query !
#
Attack count discrepancy?
#
I can't activate the license for "Appli Failed"
#
Disable access to IP safeline
In rule-based systems, which takes precedence: a deny rule or a allow rule? | SafePoint