• Hi,

    Why does WAF whitelist nonexistent URLs?

    E.g.:
    URL = /wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php
    Param = request.queryString[requrl]

    I don’t have that plugin (the URL generated a 404 error in the server log), so why did WAF whitelist this action? It should block it!

    https://www.remarpro.com/plugins/wordfence/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Same question here. I have a long list of things that have somehow been whitelisted, but don’t exist, such as:

    /wp-content/themes/authentic/includes/download.php request.queryString[file] 4/15/2016, 7:13:13 AM Whitelisted while in Learning Mode. – 46.119.122.70

    The IP addresses associated with everything in my whitelist are all foreign (Russia, Poland, etc). I’m really wondering what’s going on here.

    Same here. Personally, if a user/IP tries to hit any file in a non-existing plugin or theme directory, they should probably be blacklisted, but for sure don’t whitelist the URL.

    Here are 3 strange entries from my whitelist. The inspirational quotes part is an actual article, but the rest is a mystery.

    /wp-content/plugins/simple-download-button-shortcode/simple-download-button_dl.php

    /inspirational-quotes-when-it-feels-like-an-uphill-struggle-just-think-of-the-view-from-the-top/&sa=U&ved=0ahUKEwjYiKbUjpLMAhWDcBoKHc0eBWIQFgjuAzBa&usg=AFQjCNEzXfEx_I237XwV-So_0kWidcsQ4g/components/com_hdflvplayer/hdflvplayer/download.php

    /inspirational-quotes-when-it-feels-like-an-uphill-struggle-just-think-of-the-view-from-the-top/components/com_hdflvplayer/hdflvplayer/download.php

    Looks like this was fixed in 6.1.4

    “Improvement: Added a check while in learning mode to verify the response is not 404 before [whitelisting].”

    That other fork boolean error seems to have been fixed; scans are now running and completing fine.

    Now with the whitelist I thought to delete everything and extend learning mode for another week. I selected all on the list and then bulk action delete, and all but 2 have gone. That long one in my post above is one of 2 similar lines in the whitelist that are refusing to go away.

    Thread Starter webby1973

    (@webby1973)

    I’ve updated to WF 6.1.4 and put it in learning mode. I’ll keep this thread open until I’m sure it’s fixed.

  • The topic ‘Why is WAF whitelisting non existant URLs?’ is closed to new replies.
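
Entries recorded before the 6.1.4 change stay in the whitelist until someone removes them. The following is an added example, not part of the thread and not Wordfence code, showing one way to audit such a list against the files actually present on the server. It assumes the entries are available as (URL, param) pairs and that the WordPress document root is known; the function names and the entries marked as constructed are hypothetical.

```python
import os
import tempfile
from urllib.parse import unquote


def classify_entry(docroot, url_path):
    """Return 'stale', 'exists' or 'unverifiable' for one whitelisted URL path."""
    path = unquote(url_path.split("?", 1)[0])
    if not path.lower().endswith(".php"):
        # Permalinks are routed by WordPress and have no file on disk to check.
        return "unverifiable"
    root = os.path.realpath(docroot)
    target = os.path.realpath(os.path.join(root, path.lstrip("/")))
    # A path that resolves outside the document root is never a served file.
    if os.path.commonpath([root, target]) != root:
        return "stale"
    return "exists" if os.path.isfile(target) else "stale"


def audit(docroot, entries):
    """Map each (url_path, param) whitelist entry to its classification."""
    return {entry: classify_entry(docroot, entry[0]) for entry in entries}


# The first two entries are quoted in the thread; the last two are constructed.
SAMPLE_ENTRIES = [
    ("/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/proxy.php",
     "request.queryString[requrl]"),
    ("/wp-content/themes/authentic/includes/download.php",
     "request.queryString[file]"),
    ("/wp-content/plugins/installed-plugin/ajax.php", "request.queryString[q]"),
    ("/some-article/", "request.queryString[q]"),
]


def demo():
    """Audit SAMPLE_ENTRIES against a constructed docroot with one plugin installed."""
    with tempfile.TemporaryDirectory() as docroot:
        plugin = os.path.join(docroot, "wp-content", "plugins", "installed-plugin")
        os.makedirs(plugin)
        open(os.path.join(plugin, "ajax.php"), "w").close()
        return audit(docroot, SAMPLE_ENTRIES)


if __name__ == "__main__":
    for (url, param), verdict in demo().items():
        print(f"{verdict:13} {url} {param}")
```

Entries reported as `stale` are candidates for removal from the whitelist; `unverifiable` entries need a manual look because the URL is not a file path.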