excludedRules property
An array of rules to exclude from a rule group. This is applicable only when the ActivatedRule refers to a RuleGroup.
Sometimes it is necessary to troubleshoot rule groups that are blocking traffic unexpectedly (false positives). One troubleshooting technique is to identify the specific rule within the rule group that is blocking the legitimate traffic and then disable (exclude) that particular rule. You can exclude rules from both your own rule groups and AWS Marketplace rule groups that have been associated with a web ACL.
Specifying ExcludedRules does not remove those rules from the rule group. Rather, it changes the action for the rules to COUNT. Therefore, requests that match an ExcludedRule are counted but not blocked. The RuleGroup owner will receive COUNT metrics for each ExcludedRule.
If you want to exclude rules from a rule group that is already associated with a web ACL, perform the following steps:
- Use the AWS WAF logs to identify the IDs of the rules that you want to exclude. For more information about the logs, see Logging Web ACL Traffic Information.
- Submit an UpdateWebACL request that has two actions:
  - The first action deletes the existing rule group from the web ACL. That is, in the UpdateWebACL request, the first Updates:Action should be DELETE and Updates:ActivatedRule:RuleId should be the rule group that contains the rules that you want to exclude.
  - The second action inserts the same rule group back in, but specifying the rules to exclude. That is, the second Updates:Action should be INSERT, Updates:ActivatedRule:RuleId should be the rule group that you just removed, and ExcludedRules should contain the rules that you want to exclude.
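The two steps above, worked end to end as an added Python example (not code from this package or from the AWS documentation): first the WAF Classic log records are scanned for the rules inside a given rule group that terminated requests with BLOCK, then the two-action Updates list for UpdateWebACL is assembled, with the DELETE entry carrying the rule group's ActivatedRule exactly as it is currently configured and the INSERT entry carrying the same ActivatedRule plus ExcludedRules. The web ACL, rule group and rule IDs, the log records and the ActivatedRule are all constructed for the example; the log field names follow the WAF Classic logging format, and the change token is a placeholder for the value a real GetChangeToken call returns.

```python
"""Added example (not from the SDK or the AWS docs): pick blocking rule IDs out
of AWS WAF Classic logs, then build the DELETE + INSERT UpdateWebACL payload
that re-inserts the rule group with those rules excluded (switched to COUNT)."""
import json
from collections import Counter
from typing import Iterable

# All IDs below are constructed for the example.
WEB_ACL_ID = "385cb038-3a6f-4f2f-ac64-09ab912af590"
RULE_GROUP_ID = "41f4eb08-4e1b-2985-92b5-e8abf434fad3"
NOISY_RULE_ID = "4659b169-2083-4a91-bbd4-08851a9aaf74"   # the false-positive rule
OTHER_RULE_ID = "5432a230-0113-5b83-bbb2-89375c5bfa98"   # a rule we want to keep blocking


def _record(terminating_rule: str, action: str, group_entries: list) -> str:
    # Constructed WAF Classic log record: field names follow the documented
    # log format, values are made up for this example.
    return json.dumps({
        "timestamp": 1533689070589, "formatVersion": 1, "webaclId": WEB_ACL_ID,
        "terminatingRuleId": terminating_rule,
        "terminatingRuleType": "GROUP" if terminating_rule == RULE_GROUP_ID else "REGULAR",
        "action": action, "ruleGroupList": group_entries,
    })


def _group_entry(terminating: dict, non_terminating: list) -> dict:
    return {"ruleGroupId": RULE_GROUP_ID, "terminatingRule": terminating,
            "nonTerminatingMatchingRules": non_terminating, "excludedRules": []}


SAMPLE_LOG_LINES = [
    # Two legitimate requests blocked by NOISY_RULE_ID inside the rule group.
    _record(RULE_GROUP_ID, "BLOCK", [_group_entry({"ruleId": NOISY_RULE_ID, "action": "BLOCK"}, [])]),
    _record(RULE_GROUP_ID, "BLOCK", [_group_entry({"ruleId": NOISY_RULE_ID, "action": "BLOCK"}, [])]),
    # A request blocked by a different rule of the same group.
    _record(RULE_GROUP_ID, "BLOCK", [_group_entry({"ruleId": OTHER_RULE_ID, "action": "BLOCK"}, [])]),
    # An allowed request that the group only counted: not a block, not a candidate.
    _record("Default_Action", "ALLOW",
            [_group_entry(None, [{"ruleId": NOISY_RULE_ID, "action": "COUNT"}])]),
]


def blocking_rules_in_group(log_lines: Iterable[str], rule_group_id: str) -> dict:
    """Return {ruleId: count} for rules of rule_group_id that terminated a request with BLOCK."""
    counts = Counter()
    for line in log_lines:
        rec = json.loads(line)
        if rec.get("action") != "BLOCK":
            continue
        for grp in rec.get("ruleGroupList", []):
            term = grp.get("terminatingRule")
            if grp.get("ruleGroupId") == rule_group_id and term and term.get("action") == "BLOCK":
                counts[term["ruleId"]] += 1
    return dict(counts)


def build_exclusion_updates(activated_rule: dict, exclude_rule_ids: Iterable[str]) -> list:
    """Two UpdateWebACL actions: DELETE the rule group's ActivatedRule as currently
    configured, then INSERT the same entry with ExcludedRules set."""
    if activated_rule.get("Type") != "GROUP":
        # ExcludedRules applies only to an ActivatedRule that refers to a RuleGroup.
        raise ValueError("ExcludedRules is only valid on a rule group ActivatedRule")
    exclude_rule_ids = list(dict.fromkeys(exclude_rule_ids))  # de-duplicate, keep order
    if not exclude_rule_ids:
        raise ValueError("no rule IDs to exclude")
    reinserted = {**activated_rule,
                  "ExcludedRules": [{"RuleId": rule_id} for rule_id in exclude_rule_ids]}
    return [
        {"Action": "DELETE", "ActivatedRule": activated_rule},
        {"Action": "INSERT", "ActivatedRule": reinserted},
    ]


def build_update_web_acl_request(web_acl_id: str, change_token: str,
                                 activated_rule: dict, exclude_rule_ids: Iterable[str]) -> dict:
    """Full UpdateWebACL request body; change_token comes from a prior GetChangeToken call."""
    return {"WebACLId": web_acl_id, "ChangeToken": change_token,
            "Updates": build_exclusion_updates(activated_rule, exclude_rule_ids)}


# The rule group as currently activated in the web ACL (constructed).
ACTIVATED_RULE_GROUP = {"Priority": 10, "RuleId": RULE_GROUP_ID, "Type": "GROUP",
                        "OverrideAction": {"Type": "NONE"}}

if __name__ == "__main__":
    print("blocking rules in group:", blocking_rules_in_group(SAMPLE_LOG_LINES, RULE_GROUP_ID))
    # Only NOISY_RULE_ID is judged a false positive after reviewing the blocked requests.
    request = build_update_web_acl_request(WEB_ACL_ID, "<token from GetChangeToken>",
                                           ACTIVATED_RULE_GROUP, [NOISY_RULE_ID])
    print(json.dumps(request, indent=2))
```

The log scan only surfaces candidates; which of them are false positives is still a human decision made by reading the blocked requests, which is why the rule IDs to exclude are passed in explicitly. Both actions reference the same RuleId and Priority, so the rule group keeps its place in the web ACL's evaluation order; only the excluded rules change from their own action to COUNT.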
Implementation
final List<ExcludedRule>? excludedRules;