# App WAF Whitelist

App WAF rule explains how to set the WAF interception rule.

The following is an introduction to how to enable the WAF whitelist rule in the application of Edge Admin.

First, click to enter the WAF Whitelist page:

Click the New WAF Whitelist button to enter the rules page first.

The rules consist of two parts, namely, Skip WAF Rules and Enable when.

WAF has five built-in rule sets, namely, malicious crawlers, Trojan Horse, SQL injection, XSS attacks, and ordinary security attacks.

In the Skip WAF Rules, you can choose the WAF rule sets to be bypassed as the default setting is not bypassing any rule set;

Enable when, same as Enable when in the Page rules, contain various optional variables and operators.

Here, choose to skip two rule sets, malicious crawlers and Trojan Horse:

Different conditions for enabling the WAF whitelist can be selected based on the request information,

For instance, the following configuration allows enabling the WAF whitelist for certain URL:

Now, a WAF rule is successfully configured.