[Yandex Cloud documentation](../../index.md) > [Yandex Smart Web Security](../index.md) > [Step-by-step guides](index.md) > WAF profiles > Updating an exclusion rule

# Editing a WAF exclusion rule

{% list tabs group=instructions %}

- Management console {#console}

  1. In the [management console](https://console.yandex.cloud), select the [folder](../../resource-manager/concepts/resources-hierarchy.md#folder) containing the [WAF profile](../concepts/waf.md).
  1. Navigate to **Smart Web Security**.
  1. In the left-hand panel, select ![image](../../_assets/smartwebsecurity/waf.svg) **WAF profiles**.
  1. Select the profile where you want to edit an [exclusion rule](../concepts/waf.md#exclusion-rules).
  1. In the left-hand menu, go to the ![image](../../_assets/console-icons/file-xmark.svg) **Exclusion rules** tab.
  1. In the rule row, click ![options](../../_assets/console-icons/ellipsis.svg) and select **Edit**. In the window that opens:
      1. Edit the exclusion rule name and description as needed.
      1. Optionally, enable **Write logs** to log exception rule triggering.
      1. Under **Scope**, edit rules from the basic set to which the exclusion will apply:
          * `All rules`: Exclusion will apply to all rules.
          * `Selected rules`: Exclusion will apply to the selected rules.

             Click **Add rules** to select rules from the basic set.

      1. Under **Traffic conditions**, specify the traffic the rule will apply to:
         * `All traffic`: Rule will apply to all traffic.
         * `On condition`: Rule will apply to the traffic defined in the **Conditions** field:
             * `IP`: IP address, IP address range, or IP address region.
             * `HTTP header`: HTTP header string.
             * `Request URI`: Request path.
             * `Host`: Domain receiving the request.
             * `HTTP method`: Request method.
             * `Cookie`: Cookie header string.
             * `Bot name`: Names of legitimate bots owned by various companies and services.
             * `Bot category`: Verified bot categories based on their purpose or nature of action.
             * `Verified bot`: Filtering based on whether the bot is verified (`yes` or `no`).
             * `Bot score`: Filtering based on request bot score, from `0` (the lowest, represents a human) to `100` (the highest, represents a bot).
             * `FingerPrint`: SSL/TLS connection [fingerprint](../concepts/botes.md#fingerprint).
         
             You can set multiple conditions of the same type by selecting all the condition types you need in the **Conditions** field.
         
             You can also set multiple conditions of the same type at the same time by clicking ![plus-sign](../../_assets/console-icons/plus.svg) **and** or ![plus-sign](../../_assets/console-icons/plus.svg) **or** in the section with the condition you need.
         
             To delete a condition, click ![options](../../_assets/console-icons/trash-bin.svg).

      1. Click **Save**.

- Terraform {#tf}

  With [Terraform](https://www.terraform.io/), you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
  
  Terraform is distributed under the [Business Source License](https://github.com/hashicorp/terraform/blob/main/LICENSE). The [Yandex Cloud provider for Terraform](https://github.com/yandex-cloud/terraform-provider-yandex) is distributed under the [MPL-2.0](https://www.mozilla.org/en-US/MPL/2.0/) license.
  
  For more information about the provider resources, see the guides on the [Terraform](https://www.terraform.io/docs/providers/yandex/index.html) website or [its mirror](../../terraform/index.md).

  If you do not have Terraform yet, [install it and configure the Yandex Cloud provider](../../tutorials/infrastructure-management/terraform-quickstart.md#install-terraform).
  
  
  To manage infrastructure using Terraform under a service account or user accounts (a Yandex account, a federated account, or a local user), [authenticate](../../terraform/authentication.md) using the appropriate method.

  1. Open the Terraform configuration file and edit the `exclusion_rule` section in the `yandex_sws_waf_profile` description.

      ```hcl
      # WAF profile
      resource "yandex_sws_waf_profile" "default" {
        name = "waf-profile-default"
        core_rule_set {
          inbound_anomaly_score = 2
          paranoia_level        = local.waf_paranoia_level
          rule_set {
            name    = "OWASP Core Ruleset"
            version = "4.0.0"
          }
        }

        ...

        # Exclusion rule
        exclusion_rule {
          name = "<exclusion_rule_name>"
          condition {
            source_ip {
              ip_ranges_match {
                ip_ranges = [
                  "<IP_address_range_1>",
                  "<IP_address_range_2>",
                  ...
                  "<IP_address_range_n>"
                ]
              }
              ip_ranges_not_match {
                ip_ranges = [
                  "<IP_address_range_3>",
                  "<IP_address_range_4>",
                  ...
                  "<IP_address_range_y>"
                ]
              }
            }
          }

          exclude_rules {
            exclude_all = <true_or_false>
            rule_ids    = [
              "rule_ID_1",
              "rule_ID_2",
              ...
              "rule_ID_n",
            ]
          }
        }
      }
      ```

      For more information about `sws_waf_profile` properties in Terraform, see [this provider guide](../../terraform/resources/sws_waf_profile.md).

  1. Apply the changes:

      1. In the terminal, navigate to the configuration file directory.
      1. Make sure the configuration is correct using this command:
      
         ```bash
         terraform validate
         ```
      
         If the configuration is valid, you will get this message:
      
         ```bash
         Success! The configuration is valid.
         ```
      
      1. Run this command:
      
         ```bash
         terraform plan
         ```
      
         You will see a list of resources and their properties. No changes will be made at this step. Terraform will show any errors in the configuration.
      1. Apply the configuration changes:
      
         ```bash
         terraform apply
         ```
      
      1. Type `yes` and press **Enter** to confirm the changes.

  You can check the resource update in the [management console](https://console.yandex.cloud).

- API {#api}

  Use the [update](../waf/api-ref/WafProfile/update.md) REST API method for the [WafProfile](../waf/api-ref/WafProfile/index.md) resource or the [WafProfile/Update](../waf/api-ref/grpc/WafProfile/update.md) gRPC API call.

{% endlist %}

### Useful links {#see-also}

* [Adding a WAF exclusion rule](exclusion-rule-add.md)
* [Deleting a WAF exclusion rule](exclusion-rule-delete.md)
* [Configuring WAF rule sets](configure-set-rules.md)