Request blocked by WAF on false positive
Hello Team,
I would like to bring it to your attention that there is a false positive on Content Delivery Network WAF policy due to default ruleset 942110.
A request has been blocked by considering as a sql injection, please find below the traces and details from diagnostics log.
category": "WebApplicationFirewallLogs", "operationName": "Microsoft.Cdn/CdnWebApplicationFirewallPolicies/Write", "properties": {"clientIP":"","clientPort":"","socketIP":"","requestUri":"https://host:443/rest/v1/getuser?username=abc%22cal","ruleName":"DefaultRuleSet-1.0-SQLI-942110","policy":"","action":"Block","host":"","trackingReference":"","policyMode":"prevention","details":{"matches":[{"matchVariableName":"QueryParamValue:search","matchVariableValue":"\"cal"}],"msg":"SQL Injection Attack: Common Injection Testing Detected","data":"Matched Data: abc\"cal found within QueryParamValue:username: abc\"cal"}}}