Testing CWAF functionality

Can someone please advise how to test that the CWAF rules are working properly? We previously used the following URL which would produce a 403 error by accessing:


But since updating to the most recent CWAF rules this no longer triggers a rule and isn’t blocked.

What URL can we access to check CWAF rules are working properly?

Please, add to URL the next exppression:


It should produce a 403 error. More detailed information you can see in modsec_audit.log and modsec_debug.log.

Thanks, that works!