# 4.11 Exclude Directories from Protection

#### 📘 Overview

The **Exclude Directory from Protection** module allows you to **bypass all active ShieldsGuard security mechanisms** (WAF, rate limiting, filtering, etc.) for a specific directory path.

This is useful for public, static, or third-party resources that may not function properly under strict protection.

***

#### 🛠️ How It Works

You define:

* **Directory Path** (e.g., `/uploads`, `/public/images`, `https://yourdomain.com/assets/`)

Once added, all requests to that path and its subpaths are **excluded from protection** and forwarded directly to your origin server.

***

#### ⚙️ How to Add an Excluded Directory

1. Navigate to **Security Rules > Exclude Directory**
2. Click **Specify Directory to Exclude from Protection**
3. Enter the full path of the directory
4. Click **Exclude from Protection**
5. All traffic to that directory will now bypass ShieldsGuard security logic

<figure><img src="https://1888569782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fj6f1XtdOtNUZVCRH9J44%2Fuploads%2FMqUveOCgIK6jffK81Z4R%2Fimage.png?alt=media&#x26;token=480c7cb4-fe9c-454d-b3a2-2de93ea84442" alt=""><figcaption></figcaption></figure>

***

#### ✅ Example Use Cases

* Static file directories (JS, CSS, fonts, images)
* File upload areas with large payloads
* Public folders for client download access

***

#### ⚠️ Important Notes

* No security filtering will apply to excluded directories
* Use only for **safe, public, and static content**
* Avoid excluding sensitive areas such as `/admin`, `/api`, or dynamic logic handlers

***

🎯 **This feature is designed for performance and compatibility — only use it where security impact is minimal.**