Hello @Thang Trinh ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you would like to know how to create a WAF Exclusion list for the following WAF log: "Matched Data: 3onU= found within REQUEST_COOKIES_NAMES:OpenIdConnect.nonce.Pcy2GKqfUCV%2BrNBhnhqKG%2B2oxQnJV78bK8Z14xw3onU%3D: OpenIdConnect.nonce.Pcy2GKqfUCV+rNBhnhqKG+2oxQnJV78bK8Z14xw3onU="
Since the WAF was getting triggered for the Cookie name, I advised you to try the below exclusion:
NOTE: Request attributes by key and values are only available in CRS 3.2.
However, you were using the older WAF engine 3.0. To choose Request Cookie Key in WAF exclusion list, you need to set the WAF engine to OWASP 3.2. The new WAF engine is a high-performance, scalable Microsoft proprietary engine and has significant improvements over the previous WAF engine.
So, advised you to set the default rule set to OWASP 3.2 and add the above-mentioned exclusion list.
You followed the steps, and the issue is now resolved.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.