@WsCi , This should be possible with AFD WAF exclusion lists. WAF exclusion lists allow you to omit certain request attributes from a WAF evaluation. A common example is Active Directory inserted tokens that are used for authentication or password fields. Such attributes are prone to contain special characters that may trigger a false positive from the WAF rules.
Have a look at this example for clear understanding.
----------
Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.