Azure WAF in Frontdoor premium: how to Exclude [{"matchVariableName":"entries.nextHopProtocol","matchVariableValue":"http/1.1"}]

Owin Gruters - iO 46 Reputation points


When creating exclusions in an AFD Premium WAF policy, you have a choice of 5 different Matchvariables: RequestHeaderNames, RequestCookieNames, QueryStringArgNames, RequestBodyPostArgNames, RequestBodyJsonArgNames (see

Now I have a false positive coming from Azure B2C where the Matchvariablename is "entries.nextHopProtocol" (see attached image). This false positive is coming from this AB2C login request: https://myURL:443/

This triggers on rule Microsoft_DefaultRuleSet-2.1-PROTOCOL-ATTACK-921130 and it triggers a subsequent BLOCK! for [{"matchVariableName":"entries.nextHopProtocol","matchVariableValue":"http/1.1"}]. How can I exclude this one when it does not fit any of the 5 Matchvariables?


1 answer

  1. Owin Gruters - iO 46 Reputation points

    Hi Gita, Is it possible something changed here? I now see different log entries which I can exclude: {"matchVariableName":"JsonValue:serverTiming.nextHopProtocol","matchVariableValue":"http/1.1"}

    Is this something the Product team has changed?

    Kind regards
