Thank you for reaching out.
Based on your description, it seems that you are facing an issue with the WAF not handling injections when using path/query string rewrite rules.
In Azure Application Gateway WAF rules are evaluated before the routing rules are applied. As documented here if a request is valid and not blocked by WAF, the application gateway evaluates the request routing rule that's associated with the listener.
It will help if you can elaborate more on your set-up and path/query string rewrite rule above, as it will help us troubleshoot the issue. Thank you!