Security & DevSecOps Practical. By Samson Tanimawo, PhD. Published Jan 23, 2026.

WAF Rules Tuning

A WAF blocks attacks, but it also over-blocks legitimate traffic.

Defaults

Use the OWASP Core Rule Set as the baseline.

It catches common attacks.

Tune

False positives are logged, and rules are tuned to reduce them.

Exceptions are made per app.

Monitor

Track block-rate trends and investigate spikes.

Watch both attack and false-positive signals.
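
One way to turn the Tune and Monitor steps into a check, as an added example that is not from the original article: it counts blocks per app and rule per hour, flags the latest hour when it spikes over the median of earlier hours, and attaches a triage hint. The event layout, the thresholds, and the rule that many distinct clients on one rule suggests a false positive are assumptions; block counts stand in for block rate, and the sample events are constructed.

```python
from collections import defaultdict
from statistics import median

def make_sample():
    """Constructed events: (hour, app, rule_id, client_ip) per blocked request.
    The field layout is an assumption; adapt it to your WAF's log export."""
    events = []
    for hour in range(6):  # quiet baseline, hours 0-5
        events += [(hour, "shop", 942100, "198.51.100.7")] * 2
        events += [(hour, "blog", 941100, "198.51.100.9")]
    # Hour 6: one client is blocked 40 times on shop ...
    events += [(6, "shop", 942100, "203.0.113.50")] * 40
    # ... and 30 distinct clients each trip the same rule once on blog.
    events += [(6, "blog", 941100, f"192.0.2.{i}") for i in range(1, 31)]
    return events

def find_spikes(events, factor=5, min_blocks=10, fp_clients=10):
    """Return (app, rule, blocks, distinct_clients, hint) for spiking pairs.
    The hint is a triage starting point, not a verdict."""
    counts = defaultdict(lambda: defaultdict(int))  # (app, rule) -> hour -> blocks
    clients = defaultdict(set)                      # (app, rule, hour) -> client IPs
    for hour, app, rule, ip in events:
        counts[(app, rule)][hour] += 1
        clients[(app, rule, hour)].add(ip)
    latest = max(e[0] for e in events)
    findings = []
    for key in sorted(counts):
        per_hour = counts[key]
        history = [per_hour.get(h, 0) for h in range(latest)]
        baseline = median(history) if history else 0
        now = per_hour.get(latest, 0)
        # Spike: enough blocks to matter and well above the usual level.
        if now >= min_blocks and now > factor * max(baseline, 1):
            n = len(clients[(*key, latest)])
            # Assumed heuristic: many distinct clients on one rule often means
            # a legitimate feature is being blocked; few clients looks like an attack.
            hint = "review-as-false-positive" if n >= fp_clients else "review-as-attack"
            findings.append((key[0], key[1], now, n, hint))
    return findings

if __name__ == "__main__":
    for finding in find_spikes(make_sample()):
        print(finding)
```

A pair flagged as a likely false positive is a candidate for a per-app exception; a pair flagged as a likely attack is left blocking and investigated.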