
Edge Security Acceleration: Whitelist rules

Last Updated: Mar 16, 2026

Whitelist rules let specific requests bypass all or selected WAF protection modules. Use them to prevent false positives -- for example, when an internal health-check service triggers rate limiting, or when a trusted partner's API calls are blocked by managed rules.

A whitelist rule has two parts: a match condition that identifies the requests, and a skip target that specifies which protections those requests bypass.

Skip targets

Each whitelist rule requires a skip target. Choose one of the following options:

| Skip target | Description | Example use case |
| --- | --- | --- |
| All Rules | Bypass all WAF and bot management rules | Requests from an internal monitoring system |
| Specific Rule Category/ID | Bypass selected protections only | A trusted API that triggers a specific managed rule |

When you select Specific Rule Category/ID, choose from the following categories:

  • Abuse Prevention

  • Bot Management

  • Custom Rules

  • Deep Learning and Protection

  • HTTP DDoS Attack Protection

  • Managed Rules

  • Rate Limiting

  • Scan Protection

  • Security Level

  • Smart Rate Limiting

You can also enter specific rule IDs in the Rule ID field to bypass individual rules. You can enter up to 50 rule IDs, separated by commas. You must configure at least one of Rule Category and Rule ID.

Create a whitelist rule

Prerequisites

Before you begin, make sure that you have:

  • An ESA site with WAF enabled

  • Enough whitelist rule quota for your plan

Procedure

  1. In the ESA console, go to Websites. In the Actions column for the target site, click icon > WAF.

  2. Navigate to Security > WAF > Whitelist Rules.

  3. Click Create Rule.

  4. Enter a Rule Name.

  5. In the If requests match... section, define the match conditions that identify the requests to whitelist. For details about available match fields and operators, see Composition of a rule expression.

  6. In the Then skip... section, select the protections to bypass:

    • Select All Rules to bypass all WAF and bot management rules.

    • Select Specific Rule Category/ID to bypass individual categories or rules. Select one or more categories from the Rule Category dropdown, or enter rule IDs in the Rule ID field, or both.

  7. Click OK.

Plan quotas

The maximum number of whitelist rules depends on your ESA plan:

| Quota | Entrance | Pro | Premium | Enterprise |
| --- | --- | --- | --- | --- |
| Number of whitelist rules | 2 | 3 | 5 | 10 |
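
As an added example (not Alibaba Cloud code and not an ESA API), the following Python lint checks a planned set of whitelist rules against the constraints stated on this page before anyone enters them in the console: the category list, the 50-ID limit, the at-least-one requirement, and the plan quotas. The dict layout, function names and sample rules are assumptions made for the illustration.

```python
# Added example: offline lint for planned ESA whitelist rules (hypothetical dict layout).
CATEGORIES = {
    "Abuse Prevention", "Bot Management", "Custom Rules",
    "Deep Learning and Protection", "HTTP DDoS Attack Protection",
    "Managed Rules", "Rate Limiting", "Scan Protection",
    "Security Level", "Smart Rate Limiting",
}
PLAN_QUOTA = {"Entrance": 2, "Pro": 3, "Premium": 5, "Enterprise": 10}
MAX_RULE_IDS = 50
ALL, SPECIFIC = "All Rules", "Specific Rule Category/ID"

def parse_rule_ids(field):
    """Split the comma-separated Rule ID field and drop blank entries."""
    return [p.strip() for p in field.split(",") if p.strip()]

def lint_rule(rule):
    """Return findings for one rule: 'error' blocks creation, 'warn' needs review."""
    if rule["skip"] == ALL:
        return [("warn", "bypasses all WAF and bot management rules")]
    findings = []
    cats = rule.get("categories", [])
    ids = parse_rule_ids(rule.get("rule_ids", ""))
    unknown = sorted(set(cats) - CATEGORIES)
    if unknown:
        findings.append(("error", f"unknown category: {', '.join(unknown)}"))
    if not cats and not ids:
        findings.append(("error", "set at least one of Rule Category and Rule ID"))
    if len(ids) > MAX_RULE_IDS:
        findings.append(("error", f"{len(ids)} rule IDs, limit is {MAX_RULE_IDS}"))
    return findings

def lint_site(plan, rules):
    """Lint every rule and check the rule count against the plan quota."""
    report = {r["name"]: lint_rule(r) for r in rules}
    if len(rules) > PLAN_QUOTA[plan]:
        report["_quota"] = [("error", f"{len(rules)} rules, {plan} allows {PLAN_QUOTA[plan]}")]
    return report

# Constructed sample input; rule names are made up for illustration.
SAMPLE = [
    {"name": "health-check", "skip": ALL},
    {"name": "partner-api", "skip": SPECIFIC, "categories": ["Managed Rules"]},
    {"name": "empty-skip", "skip": SPECIFIC, "rule_ids": " , "},
]

if __name__ == "__main__":
    for name, findings in lint_site("Entrance", SAMPLE).items():
        print(name, findings)
```

A `warn` finding marks a rule that skips every protection and therefore deserves a second reviewer; an `error` finding marks a rule the constraints on this page would not allow.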
