rules: cache: true threat: excludes: # - "Common Web Attack" # - "Bad IP Address" # - "Bad Referrer" # - "Bad Crawler" # - "Directory Bruteforce" # It can be user-agent, request path, HTTP referrer, IP address and/or request query values parsed in regExp whitelists: # - "(curl|Go-http-client|okhttp)/*" # - "^/wp-login\\.php" # - "https://www\\.facebook\\.com" # - "192\\.168\\.0\\.1"