Same considerations as last reviewer
Same considerations as last reviewer; however, you can do an "Override to Count" and see request samples to find things to whitelist. However, you don't know which condition triggered the "block".
Very much a Black box.
For our testing with "Override to count" in Production, I only found it blocking valid transactions for us.
Thank you for trying out Fortinet's WAF Ruleset and providing feedback. We understand your need for more visibility on why a request is being blocked. AWS did announce recently a comprehensive logging support to help you better understand why certain web requests are blocked. AWS also announced rule group exceptions that allow you to override individual rules with a managed rule group. Now you can choose which rules within the rule group should be excluded and set in count-only mode, preventing those rules from blocking a request.

Here are links to learn more about these updates:

1. https://aws.amazon.com/about-aws/whats-new/2018/08/aws-waf-launches-new-comprehensive-logging-functionality/
2. https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-rule-groups.html

If more advanced features and visibility are required, please check out Fortinet FortiWeb, which is our Web Application Firewall solution. FortiWeb gives you the ability to visualize and drill down into key elements such as server/IP configurations, attack and traffic logs, attack maps, OWASP Top 10 attack categorization, and user activity. You can learn more about FortiWeb at: https://www.fortinet.com/products/web-application-firewall/fortiweb.html