What kind of Whitelisting can be done with different rules?
Last updated: July 10, 2026
Overview
In order to reduce the number of unwanted security events due to normal or expected application behaviour , you can configure whitelisting.
Please see below what kind of whitelisting can be done with our standard rules.
Please refer to the documentation for detailed descriptions.
Rule Category | Rule Whitelist Capability | Rule Reduce Scope Capability | Summary |
CSRF | Yes (inbuilt) | Yes - Endpoint Reduction | ✔ |
XSS | Yes (inbuilt) | Yes - Endpoint Reduction | ✔ |
Deserialization | Yes (properties | No | ✔ |
DNS | Yes (allow) | Yes - Specific host, FQDN or IP | ✔ |
File I/O | Yes (allow) | Yes - Path Reduction | ✔ |
Header Injection | No | Yes - Endpoint Reduction | ✔ |
Header Response Addition | No | Yes - Endpoint Reduction | ✔ |
Input Validation | Yes (allow) | Yes - Endpoint Reduction | ✔ |
Library Loading | Yes (allow) | Path Reduction | ✔ |
Open Redirection | Yes (allow) | Yes - Endpoint Reduction | ✔ |
Path Traversal | No | Yes - Taint Source Reduction | ✔ |
Process Forking | Yes (allow) | Yes - Path Reduction | ✔ |
Sanitization | Yes (inbuilt) | Yes - Endpoint Reduction | ✔ |
Session Fixation | No | No | X |
Socket Rules | Yes (inbuilt) | Yes - Endpoint Reduction | ✔ |
SQLi | Yes (properties | No | ✔ |
XXE | Yes (allow) | No | ✔ |