Hello @Frank Schullerer , If I have understood the question correctly, you have associated a WAF policy to your application gateway, but neither of the requests are blocked and no block messages are logged. This issue might be because the WAF policy is not correctly associated properly with App Gateway.
As per the documentation here the new WAF Policy associated with Ap Gateway must be exactly the same as the current WAF config, meaning every custom rule, exclusion, disabled rule, etc. must be copied into the new Policy you are creating. Once you have a Policy associated with your Application Gateway, then you can continue to make changes to your WAF rules and settings.
If you don't want to copy everything into a policy that is exactly the same as your current config, you can set the WAF into "force" mode. If this is the case, you run below PowerShell commands and see if the policy is then associated correctly.
$appgw = Get-AzApplicationGateway -Name <your Application Gateway name> -ResourceGroupName <your Resource Group name> $appgw.ForceFirewallPolicyAssociation = $true $gw = Get-AzApplicationGateway -Name <your Application Gateway name> -ResourceGroupName <your Resource Group name> $policy = Get-AzApplicationGatewayFirewallPolicy -Name <WAF policy name> -ResourceGroupName <your Resource Group name> Set-AzApplicationGatewayFirewallPolicy -InputObject $policy $gw.FirewallPolicy = $policy Set-AzApplicationGateway -ApplicationGateway $gw
Hope this helps! Please let me know if the issue still persists, I will be glad to continue with our discussion. Thank you!