Thank you for reaching out.
I understand the request is blocked as there is a .dll extension in the request url and you wish to what will be the best practice to bypass this issue.
I think implementing per URI WAF policy will be a best solution in this case as you can apply a different WAF policy for request URI containing /_framework/Microsoft.AspNetCore.Components.WebAssembly.dll?v=sha256-adaGY=
and disable the rule 920440 in this per URI WAF policy.
If a custom rule is implemented, and an allow or block action is taken, no further custom or managed rules are evaluated, and disabling the 920440 for global policy will disable it for all the URLs.
Hope this helps! Please let me know if you have any additional questions. Thank you!
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.