WAF Exceptions

WAF Exceptions

This page allows you to configure exceptions to the WAF filtering rules. Why you need that? Some plugins are designed to properly and safely parse and use data which triggers WAF protection rules. Most usually, a plugin accepts an absolute path to files on your server or can parse complex data which normally trigger WAF's filters. Without any exceptions set, these plugins would be blocked and you wouldn't be able to properly use your site. The workaround was to disable WAF's filters, but this ended up in degrading the security of your site. Using the WAF Exceptions view you can fine tune which URLs are in the "safe list" and should never be blocked.


WAF Exceptions is a very useful and powerful tool. It's also possible that you apply too many exceptions, opening potential security wholes in the firewall. Be very cautious when using it. Please keep in mind that when you add an exception, WAF is COMPLETELY TURNED OFF for all requests matching the exception. If you apply a too broad exception you will be deteriorating your site's security to the level it was before installing Admin Tools for WordPress.

WAF Exception

WAF Exceptions are defined by specifying the target URL: you can either specify an Exact match or a RegEx (Regular Exception) one.

  • Exact. Using this matching option, you instruct Admin Tools to ignore any security exception coming from a specific URL

  • Regular Expression. If you have several URLs that are triggering false positives, you can create a regular expression to exclude them all.


    Please note that when using a regular expression, you have to escape any regular expression character, by adding a leading backslash \ . The most common character that should be escaped is the dash - here the full list: