If you find that RegEx Protection Engine of WAF blocks normal requests to your website,
you can customize protection rule groups to avoid this issue.
Background information
To address this issue, you must identify the protection rule that causes the issue,
create a custom rule group for the affected domain name, and then remove the protection
rule from the custom rule group.
Procedure
- Log on to the Web Application Firewall console.
- In the top navigation bar, select the resource group to which the instance belongs
and the region, Mainland China or International, in which the instance is deployed.
- In the left-side navigation pane, click Security report.
- Identify the ID of the protection rule that causes false positives.
- On the Web Security tab, click Web Intrusion Prevention, select the target domain name, and select Regular Protection in the lower part of the page to view attack records.

- In the attack record list, find the false positive record and record the rule ID.
You can search for the record by using the attack IP address.
- In the left-side navigation pane, choose .
- Create a custom rule group and remove the protection rule from the rule group.
- In the rule group list on the Web Application Protection tab, find the rule group that applies to the affected domain name.
Note To find the rule group, search for the affected domain name in the Website column.

- Click Copy in the Action column. Assume that the Medium rule group causes the issue.
- On the Copy Rule Group page, modify Rule Group Name, turn on Automatic Update, and click Save. You can change the rule group name to medium rule group-remove false positive rule.

After you copy the rule group, you can view it in the rule group list.

- Find the rule group that you copy and click Edit in the Action column.
- On the Edit Rule Group page, search for the rule that causes false positives by using the rule ID, select the rule, and then click Remove Selected Rules.
Note Before you remove a protection rule from a custom rule group, make sure that you select
the exact rule that blocks normal requests.

- Click Save.
- Apply the custom rule group to your website.
- Find the rule group that you copy and click Apply to Website in the Action column.
- On the Apply to Website page, add the affected domain name to the Websites Added to WAF section and click Save.

After you apply the custom rule group, you can go to the
Website Protection page and view the
RegEx Protection Engine settings. The
Protection Rule Group changes to the custom rule group that you apply. For more information, see
Configure the protection rules engine.

When the website receives the same access requests again, WAF does not block the requests.
Note If the requests are still blocked, make sure you identify the correct ID of the protection
rule that causes false positives and remove this rule from the custom rule group.