![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 55.00000000000001%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJK%3C/text%3E%3C/svg%3E)
Azure Web Application Firewall
An Azure service that provides protection for web apps.
327 questions
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to create an Exclusion for the rule 944130 in Azure WAF.
From your error message, it looks like you are using an App gateway WAF.
In case my observation is incorrect, and you are using AFD WAF instead, please do let me know.
Now, with App Gateway WAF, there are generally three ways to go about it
1.Please note that if you find a lot of false positives with this specific Rule ID, you can consider Disabling the rule altogether.
2.With that said, if you are interested with WAF Exclusion,
- You may follow the steps mentioned by Umar to create the Exclusion list.
- For data reference, see : Request attribute examples in Web Application Firewall exclusion lists
- From your error message,
- java.lang.string found within [REQUEST_BODY
- So please make sure the rule is matching with Request Body, i.e.,
-
- You can also use "Contains" operator
- Here, the example used is for JSON. If you have a Multipart Body or URL-Encoded Body, you must define the rules appropriately
- NOTE : XML Body is not supported
-
- And let us know how it goes
3.Or you may also consider Custom rules for WAF v2,
- You can use the "RequestUri" as "Match variable" and Bypass the WAF altogether for this specific URL
- See : Create and use Web Application Firewall v2 custom rules
- NOTE : This bypassed the entire WAF if the condition matches.
Hope this helps.
Thanks,
Kapil