drop waf request log export · detect block-to-allow bypass patterns · runs locally
drop waf request log export · local only
heuristic screener · vendor schema varies · not definitive proof