Add application exclusions

To create application exclusions:

  1. Log in as an Administrator or RulesAdmin.

  2. Select Applications in the header and select the name of your application to open it. Select the Policy tab, then Exclusions.


    Exclusions only apply to the application for which they were created.

  3. Select Add Exclusion.

  4. In the window that appears, enter exclusion information. Any inputs that match this criteria won't be processed:

    • Exclusion name: Use something you’ll remember easily.

    • Exclusion type: Input, code or URL. Depending on your selection, more fields become available. Add the necessary information for each one.


      For more information about exclusions types and regular expressions, use this reference guide.

  5. Under Applicable rules, specify the scope of rules affected by the exclusion:

    • All rules applies the exclusion to all vulnerabilities found in both Assess and Protect mode.

    • All Assess rules applies to all vulnerabilities found when Assess is enabled.

    • All Protect rules applies to all attack events when Protect is enabled.

    Select individual Assess or Protect rules to further narrow the focus. Exclusions are only applied to vulnerabilities found by the selected rules.

  6. Select Save. The exclusion will be added to the list of exclusions. You can view this list either at Applications > Your application name > Policy > Exclusions or in the user menu > Policy management > Application exclusions. From the list, you can use the toggles to enable or disable the exclusion for Assess or Protect.


You can also create a new exclusion from an existing attack event. When viewing the list of attack events, Attacks > Attack events, select the triangle in the far right column, then select Add exclusion. Selecting this button pre-populates the exclusion fields based on the details of this specific event.

Once created, this exclusion is visible in the list of exclusions.