1. Home
  2. Guides
  3. Next-Gen WAF
  4. Using the Next-Gen WAF
  5. Rules

Working with signal exclusion rules

A signal exclusion rule prevents requests with a particular pattern from being tagged with a specific system signal. You can use signal exclusion rules to help avoid false positives. For example, you may want to prevent requests that are from internal IP addresses and that failed to access an admin page from being tagged with the FORCEFULBROWSING signal.

Limitations and considerations

When working with signal exclusion rules, keep the following in mind:

  • Signal exclusion rules are limited to 1000 at the corp-level (also known as account-level) plus 1000 at the site-level (also known as workspace-level) and count against the total number of request rule limits for corps (accounts) and sites (workspaces).
  • The Essentials platform does not include corp-level (account-level) signal exclusion rules.

Creating signal exclusion rules

You can create signal exclusion rules that apply to multiple sites (workspaces) or that only apply to a single site (workspace).

Creating signal exclusion rules that apply to multiple sites (workspaces)

This section only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. Corp-level (account-level) rules are not available in the Fastly control panel.

To create a signal exclusion rule that applies to more than one site (workspace), complete the following steps:

  1. Log in to the Next-Gen WAF control panel.

  2. From the Corp Rules menu, select Corp Rules.

  3. Click Add corp rule.

    A corp-level (account-level) signal exclusion rule designed to prevent POST requests originating from a list of known internal developer IP addresses from being tagged with the 'NO-CONTENT-TYPE signal

  4. In the Type section, select Signal exclusion.

  5. From the Signal menu, select the signal that you want to prevent from being assigned to requests that meet specific conditions.

  6. Fill out the fields in the Conditions section as follows:

    • From the Field menu, select the request field that the condition is based on.
    • In the Value field, enter a value for the specified field.
    • From the Operator menu, select an operator to specify how the selected field and value relate.
    • (Optional) Click Add condition to add another condition, or click Add group to create a group of conditions.
    • Select All to specify that a request must meet every condition to be excluded or Any to specify that a request must meet only one condition to be excluded.

  7. Fill out the fields in the Details section as follows:

    • Leave the Status switch enabled.
    • In the Description field, enter a description of the rule.
    • From the Scope menu, leave Global selected for the rule to apply to all your sites. If you want the rule to apply to specific sites, select Specific sites and then select the sites the rule should apply to.

  8. Click Create corp rule. The rule is created, and the Corp Rules page appears.

Creating signal exclusion rules that apply to one site (workspace)

To create a signal exclusion rule that applies to only one site (workspace), complete the following steps:

  1. Next-Gen WAF control panel
  2. Fastly control panel

  1. Log in to the Next-Gen WAF control panel.

  2. From the Sites menu, select a site if you have more than one site.

  3. From the Rules menu, select Site Rules.

  4. Click Add site rule.

    A site-level signal exclusion rule designed to prevent POST requests originating from a list of known internal developer IP addresses from being tagged with the 'NO-CONTENT-TYPE signal

  5. In the Type section, select Signal exclusion.

  6. From the Signal menu, select the signal that you want to prevent from being assigned to requests that meet specific conditions.

  7. Fill out the fields in the Conditions section as follows:

    • From the Field menu, select the request field that the condition is based on.
    • In the Value field, enter a value for the specified field.
    • From the Operator menu, select an operator to specify how the selected field and value relate.
    • (Optional) Click Add condition to add another condition, or click Add group to create a group of conditions.
    • Leave All selected to specify that a request must meet every condition to be excluded or select Any to specify that a request must meet only one condition to be excluded.

  8. Fill out the fields in the Details section as follows:

    • Leave the Status switch enabled.
    • In the Description field, enter a description of the rule.

  9. Click Create site rule. The rule is created, and the Site Rules page appears.

Editing signal exclusion rules

The steps to edit an existing rule depends on whether the rule applies to multiple sites (workspaces) or to a single site (workspace).

Not sure if your rule logic will work? Use our Simulator to test it. The Simulator feature is only available in the Next-Gen WAF control panel.

Editing signal exclusion rules that apply to multiple sites (workspaces)

This section only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. Corp-level (account-level) rules are not available in the Fastly control panel.

To adjust a signal exclusion rule that applies to more than one site (workspace), complete the following steps:

  1. Log in to the Next-Gen WAF control panel.

  2. From the Corp Rules menu, select Corp Rules.

  3. Click Edit to the right of the rule that you want to delete.

    A corp-level signal exclusion rule designed to prevent POST requests originating from a list of known internal developer IP addresses from being tagged with the 'NO-CONTENT-TYPE signal

  4. From the Signal menu, select the signal that you want to prevent from being assigned to requests that meet specific conditions.

  5. Fill out the fields in the Conditions section as follows:

    • From the Field menu, select the request field that the condition is based on.
    • In the Value field, enter a value for the specified field.
    • From the Operator menu, select an operator to specify how the selected field and value relate.
    • (Optional) Click Add condition to add another condition, or click Add group to create a group of conditions.
    • Select All to specify that a request must meet every condition to be excluded or Any to specify that a request must meet only one condition to be excluded.

  6. Fill out the fields in the Details section as follows:

    • Leave the Status switch enabled.
    • In the Description field, enter a description of the rule.
    • From the Scope menu, leave Global selected for the rule to apply to all your sites. If you want the rule to apply to specific sites, select Specific sites and then select the sites the rule should apply to.

  7. Click Update corp rule. The rule is updated, and the Corp Rules page appears.

Editing signal exclusion rules that apply to one site (workspace)

To adjust a signal exclusion rule that applies to only one site (workspace), complete the following steps:

  1. Next-Gen WAF control panel
  2. Fastly control panel

  1. Log in to the Next-Gen WAF control panel.

  2. From the Sites menu, select a site if you have more than one site.

  3. From the Rules menu, select Site Rules.

  4. Click Edit to the right of the rule that you want to modify.

    A site-level signal exclusion rule designed to prevent POST requests originating from a list of known internal developer IP addresses from being tagged with the 'NO-CONTENT-TYPE signal

  5. From the Signal menu, select the signal that you want to prevent from being assigned to requests that meet specific conditions.

  6. Fill out the fields in the Conditions section as follows:

    • From the Field menu, select the request field that the condition is based on.
    • In the Value field, enter a value for the specified field.
    • From the Operator menu, select an operator to specify how the selected field and value relate.
    • (Optional) Click Add condition to add another condition, or click Add group to create a group of conditions.
    • Select All to specify that a request must meet every condition to be excluded or Any to specify that a request must meet only one condition to be excluded.

  7. Fill out the fields in the Details section as follows:

    • Leave the Status switch enabled.
    • In the Description field, enter a description of the rule.

  8. Click Update site rule. The rule is updated, and the Site Rules page appears.

Deleting signal exclusion rules

To delete a signal exclusion rule, follow the steps described in the Deleting rules section.

Related content

Fastly
© Fastly 2025