Managed rules for Enterprise, exclude a subset of domains using manage rule scope

lets say i have an enterprise account, and all the domains from a.com through z.com under the enterprise plan. At the account level i have deployed a managed ruleset for ENT.

Now i need to exclude one specific rule ID from the managed ruleset on a subset of domains h.com <-> p.com how would i go about that efficiently?

Obviously i can create an waf exception per zone and iterate, but can for example change the scope for managed rules like
(in order)

Managed ruleset
scope hostname does start with h.com, i.com, j.com etc and disable the specific rule
Managed ruleset
scope All incoming requests

ie first create a managed ruleset for only a subset of domains and that a subset for all domains, but will i hit both rules or will CF use the order and provide the desired result by first applying rule number 1 and rule number 2 for all the other ones? or how should i think regarding scoping managed rules

OtechOP•10/24/24, 4:51 PM

I guess api script would be an option to iterate the rollout but this is atm beyond my skil to understand how to configure rule sets etc usign api

OtechOP•10/24/24, 5:59 PM

or.. i can deploy a managed exception for the enterprise...