![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 64%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
Azure Web Application Firewall
An Azure service that provides protection for web apps.
286 questions
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I take it that you are using Azure Front Door WAF and not App gateway WAF.
However, I am afraid "matchVariableName":"HeaderName" is not supported in exclusions.
See : Exclude other request attributes
In particular, when the matchVariableName value is CookieName, HeaderName, PostParamName, or QueryParamName, it means the name of the field, rather than its value, has triggered the rule. Rule exclusion has no support for these matchVariableName values at this time.
Consider taking one of the following actions in that case:
- Disable the rules that give false positives.
- Create a custom rule that explicitly allows those requests. The requests bypass all WAF inspection.
Hope this helps.
Cheers,
Kapil