Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
You were logging the error "A potentially dangerous Request.Form value was detected from the client" within your application.
And you would like to know the best practices for mitigating this.
Since the logs are from the application, the Platform does not have much visibility into it.
The Managed Rules should detect the issue if this can be remediated via Platform.
Here is a list of Managed Rules for OWASP 3.0 : https://video2.skills-academy.com/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules?tabs=drs21#owasp-crs-30
- If the WAF is in Detection mode, I suggest you enable Prevention mode.
- In case the WAF is in prevention mode and no rule is triggered, then you must use Custom Rules
- You must tune your WAF according to your application/use case/requirement
i.e., please check the application as to why this error is generated and tailor the Custom Rules to block such requests.
- Refer: Tune your WAF
One such example is,
- You can consider "Match variable"
- And within it, you can use "RequestBody"
- And set the "Operator" as "Contains" and specify the string value which you would like to block.
- And set "Action" as Block or Log
Kindly let us know if this helps or you need further assistance on this issue.
Thanks,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
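
The custom rule described in the answer above (match variable RequestBody, operator Contains, action Log or Block), written with the Az PowerShell cmdlets for an Application Gateway WAF policy. This is an added example, not part of the original answer; the resource group, policy name, rule name, priority and matched string are placeholders or constructed sample values.

```powershell
# Added example: the names below are placeholders, not values from the thread.
$resourceGroup = '<resource-group>'
$policyName    = '<waf-policy-name>'
$blockedString = '<script'   # constructed sample; use the string your application logs show

# Match variable "RequestBody" with operator "Contains", as in the steps above.
$variable  = New-AzApplicationGatewayFirewallMatchVariable -VariableName RequestBody
$condition = New-AzApplicationGatewayFirewallCondition `
    -MatchVariable $variable `
    -Operator Contains `
    -MatchValue $blockedString `
    -Transform Lowercase `
    -NegationCondition $false

# Start with Log so that legitimate form posts containing the string show up in
# the firewall log before anything is blocked; switch to Block after review.
$rule = New-AzApplicationGatewayFirewallCustomRule `
    -Name 'BodyContainsBlockedString' `
    -Priority 10 `
    -RuleType MatchRule `
    -MatchCondition $condition `
    -Action Log

# Append to the existing policy rather than replacing its custom rules.
$policy = Get-AzApplicationGatewayFirewallPolicy -Name $policyName -ResourceGroupName $resourceGroup
if ($policy.CustomRules.Priority -contains $rule.Priority) {
    throw "Priority $($rule.Priority) is already used by another custom rule."
}
$policy.CustomRules.Add($rule)
Set-AzApplicationGatewayFirewallPolicy -InputObject $policy
```

Custom rules are evaluated before the managed rule set, so a Block action here stops the request before any OWASP rule is consulted.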