Carve out the legitimate traffic that BitFire's default rules would otherwise stop. Allow a single request shape to bypass the WAF, manage allowed IP and user-agent rules, and review or add blocked IPs that use BitFire's normal IP block path.
Run the engine in observe-only mode for three days. BitFire will record the request shapes your real users generate and auto-add them as exceptions, dramatically reducing false positives once protection re-engages.
Each row lets one specific request pattern bypass normal protection — useful when a legitimate URL trips a WAF signature. * means any value.
| URL | Parameter | Rule type | Rule number | Action |
|---|
Add an IP address or user-agent string to the browser allow list. This page only adds allow rules here; blocked user-agents must be managed in Bot Control.
| IP / user-agent | Type | Remove |
|---|
Block an IP address using BitFire's normal IP block path. These entries are separate from the browser allow list. Block log: {{block_log}}
| IP | Block reason | Expires | Remove |
|---|
Inputs that may bypass browser and bot verification. BitFire learns these automatically from verified browsers while learning mode is on; add or remove entries by hand below.
Tracking or other harmless URL parameters allowed without browser / bot verification.
| GET Parameter name | Remove |
|---|
PHP files that may be accessed directly without browser or bot verification.
| Script | Remove |
|---|
Extra admin-ajax.php actions runnable without browser or bot verification.
| Ajax Action | Remove |
|---|
Extra wp-json endpoints accessible without browser or bot verification.
| Endpoint | Remove |
|---|