From 71d1f30a9a07c5d029b7bf7baddfdf1cf2ad1074 Mon Sep 17 00:00:00 2001
From: Daniel Eisenberg <danielei@checkpoint.com>
Date: Tue, 11 Feb 2025 17:53:45 +0200
Subject: [PATCH] code sync

---
 components/security_apps/waap/waap_clib/Waf2Engine.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/components/security_apps/waap/waap_clib/Waf2Engine.cc b/components/security_apps/waap/waap_clib/Waf2Engine.cc
index 32a40b8..461f4a8 100755
--- a/components/security_apps/waap/waap_clib/Waf2Engine.cc
+++ b/components/security_apps/waap/waap_clib/Waf2Engine.cc
@@ -1577,7 +1577,7 @@ Waf2Transaction::decideFinal(
         dbgTrace(D_WAAP) << "Waf2Transaction::decideFinal(): got relevant API configuration from the I/S";
         sitePolicy = &ngenAPIConfig;
         m_overrideState = getOverrideState(sitePolicy);
-
+        shouldBlock = (getUserLimitVerdict() == ngx_http_cp_verdict_e::TRAFFIC_VERDICT_DROP);
     }
     else if (WaapConfigApplication::getWaapSiteConfig(ngenSiteConfig)) {
         dbgTrace(D_WAAP) << "Waf2Transaction::decideFinal(): got relevant Application configuration from the I/S";
@@ -2208,6 +2208,11 @@ Waf2Transaction::decideAutonomousSecurity(
         if (triggerLog && triggerLog->webRequests) log_all = true;
     }
 
+    if(decision->getThreatLevel() <= ThreatLevel::THREAT_INFO && !log_all) {
+        decision->setLog(false);
+    } else {
+        decision->setLog(true);
+    }
 
     return decision->shouldBlock();
 }