Thank you very much for answering my question. I will try to explain myself better.
We have url access policy with several url access rules. In with the "Action" Pass and others in "Alert& Deny" and in them we have Url Access Condition, which allude to a URL Pattern.
If a rule is in Pass, the url that is not protected does not give us information about what would be blocked in the Log&Report\Attacks
If the rule is set to Alert&Deny, the WAF denies communications according to its policies and the alert appears in the Log&Report, but it denies us the connection.
We need the communication of those URLs configured in the URL Access Policy to go through the WAF, that they are not denied, but that their vulnerabilities or the attack that the WAF would have denied appear in the Log&Report\Attacks.
We have tried putting the "continue" option, but it denies communications when a policy detects it.
We also don't want to create a policy in “monitor” mode, so that it gives it to us.
A greeting and thank you very much again