@rex Thank you for reaching out to Microsoft Q&A.
I understand that you are facing issues with WAF blocking legitimate traffic. Here is a document that you can refer on Troubleshooting WAF when legitimate traffic is blocked by WAF as is the current case.
As given in the document- First, ensure you’ve read the WAF overview and the WAF configuration documents. Also, make sure you’ve enabled WAF monitoring These articles explain how the WAF functions, how the WAF rule sets work, and how to access WAF logs.
It is entirely normal, and actually expected in many cases, to create exclusions, custom rules, and even disable rules that may be causing issues or false positives. Per-site and per-URI policies allow for these changes to only affect specific sites/URIs, so any changes shouldn’t have to affect other sites that may not be running into the same issues.
If you notice that the WAF blocks a request that it shouldn't (a false positive), you can do a few things. First, narrow down, and find the specific request. Look through the logs to find the specific URI, timestamp, or transaction ID of the request. When you find the associated log entries, you can begin to act on the false positives.
Here is a document that specifies how to work around False Positives with WAF.
- Use an Exclusion List
See WAF configuration for more information about exclusion lists. - Disable the rule
Please go through the above document on fixing the False Positive either by creating an Exclusion List or Disabling the rule. Hope this helps.
Please let us know if you have any further questions and we will be glad to assist you further. Thank you!
Remember:
Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.
Want a reminder to come back and check responses? Here is how to subscribe to a notification.