Understanding False Positives #
A “False Positive” occurs when a legitimate user request (e.g., a complex data entry form, a custom admin action) is flagged as malicious by the WAF and subsequently blocked.
Diagnosing a Block #
-
Check the WAF Logs: Use the WAF logs tool in your cPanel or Client Area to see the recent traffic logs. Look for an entry corresponding to the blocked action, noting the Source IP Address and the Rule ID that triggered the block.
-
Confirm Legitimacy: Ensure the blocked IP or action belongs to a trusted source (e.g., your own office IP or a necessary third-party service).
Whitelisting IP Addresses #
The safest way to resolve a false positive for a trusted source is to whitelist the source IP.
-
Access Whitelisting Tool: Navigate to the “WAF Configuration” or “IP Management” section.
-
Add IP: Enter the source IP address that was blocked.
-
Note: Whitelisting should be done sparingly, as it bypasses all WAF rules for that specific IP address.
Submitting a WAF Rule Review (Recommended) #
If a critical function of your website is being blocked, contact our support team immediately. We can analyze the specific Rule ID and implement a more granular exclusion rule, ensuring the specific function works while maintaining all other protections.
