Although it's good to enable active response for just the rules you want - is there a way to do the opposite that allows you to add a rule that won't fire off active response (like an exception list).
For example I am getting a lot of web customers who have embedded javascript code in their HTML files that does not exsit - hence triggering Rule: 31151 (level 10) -> 'Mutiple web server 400 error codes from same source ip.'. Because I have active response turned on, these unknowing customer's IPs are blocked after browsing to a few pages within the site because the web server can't find that java scripts. I know it's bad coding but is there a way to exclude this rule from triggering active response without having to turn active response off. Thanks. Andy
