Skip to main content
This guide walks through creating a new policy exception in the Osto dashboard. A policy exception lets you define how traffic matching certain conditions should be handled (accepted, skipped, or dropped) for a selected website.

Before you start

  • Log in to the dashboard and go to Policies, then Exceptions.
  • Make sure the website you want to add the exception for is already onboarded and visible in dropdown.

Step 1: Check the logs to find what to except

Before creating an exception, go to Logs and open the relevant log tab (for example Threat Logs). Look at the Matched Data column. This tells you what was detected and why the rule triggered, which is the information you need to build a matching exception. For example, an entry like Matched Data: <script> found within REQUEST_FILENAME: /id=<script> means the request was flagged because /id=<script> appeared in the request filename. If this is legitimate traffic, you can create an exception for it.
Threat Logs showing the Matched Data column

Step 2: Open the exception form

Go to the Policies page, then open Exceptions and click the Create exception button. The New policy exception panel opens on the right.
New policy exception panel

Step 3: Enter a rule name

In the Rule name field, type any name to identify this exception, for example exception1 or allow-admin-api. Use a name that makes the rule easy to recognize later.

Step 4: Select the website

Open the Website dropdown and pick the site you want to add the exception for. Only onboarded websites appear in this list.

Step 5: Select the action

Under When traffic matches, open the Then (action) dropdown and choose what should happen when traffic matches your condition:
  • Accept allow the matching traffic through.
  • Skip bypass policy checks for the matching traffic.
  • Drop block the matching traffic.

Step 6: Select the match type

Open the Match dropdown and choose what part of the request the rule should match on. Available match types are:
  • URL
  • URL parameter
  • Header
  • Cookie
  • Body
  • Source IP

Step 7: Enter the match values

In the Match values section, fill in the value for the match type you picked. For example, if you chose URL, enter the URL path such as /some/path. If you chose a different type like URL parameter, header, or cookie, enter the corresponding value for that field.
Match values section of the new policy exception panel

Step 8: Save

Review your entries and click Save to create the exception. The new rule now appears in the Exceptions list. To discard without saving, click Cancel.

Quick summary

  1. Check the logs and the Matched Data column to see why a request was flagged.
  2. Go to the Policies page and click Create exception.
  3. Enter any rule name, for example exception1.
  4. Select your website from the dropdown.
  5. Select the action (Accept, Skip, or Drop).
  6. Select the match type (URL, parameter, header, cookie, body, or source IP).
  7. Enter the match values for that type.
  8. Click Save.