Recommendation selector values

Selectors are segments of a request that Web Application Protector rules look in for attacks, which means no rule applies to an entire request all at once but by selector segment. You can use these selectors to add exceptions to your security policy rules. You can add exceptions to your rules if you know that the rules are throwing false positives, or you want to omit parts of a request from inspection.

For example:

GET /one/two/three/four/my-file-name.mp3?session=3&name=fakeName HTTP/1.1
Accept: application/json
Cookies: foo=examplecookie

{"first":1, "second":2, "third":3}

The following values are available for the selector string enumeration for both recommendations and declined recommendations:

ARGSA generic alias for the query string existing in both the body or the URL. Use this selector to match either the body or the URL.
ARGS_NAMESArgument names. In the example, session and fakeName.
FILES_NAMESName of MIME-encoded filename within a mime-encoded body to exclude from inspection.
JSON_NAMESThe name of the JSON member. In the example, first, second, and third.
JSON_PAIRSName/value pairs in JSON the body. On its own, bypass network does all of them, JSON_PAIRS:"name of json key" excludes that specific JSON name/value pair from inspection. In the example, "first":1, "second":2, and "third":3.
QUERY_STRINGIn the example, 1?session=3&name=fakeName.
REQBODY_PROCESSOR_ERRORWhether an error occurred processing the request. Errors often indicate suspicious activity. It's a good idea to inspect this element, and not exclude it from inspection.
REQUEST_BODYThe entire body of the request. In the example, {"first":1, "second":2, "third":3}
REQUEST_COOKIESThe request cookie name-value pair. In the example,foo=examplecookie.
REQUEST_COOKIES_NAMESThe request cookie name value. In the example, foo.
REQUEST_FILENAMEThe file name to exclude from inspection. In the example, my-file-name.mp3.
REQUEST_HEADERSThe name and value of the request header. In the example, and Accept:application/json.
REQUEST_HEADERS_NAMESThe name of the request header to exclude from inspection. In the example, Host and Accept.
REQUEST_METHODThe request method to exclude from inspection. In the example, GET.
REQUEST_PATH_SEGMENTThe part of the path you specify. For example, /one/two/three/. Use *to include the whole path.
REQUEST_PROTOCOLThe request protocol to exclude from inspection. In the example, http.
REQUEST_URIThe full URL segment without the request method. In the example, /one/two/three/four/my-file-name.mp3?session=3&name=fakeName.
VALUESThe value you want to exclude when it appears in a header, cookie, or parameter.
XML_PAIRSName/value pairs in XML body.