Hello @Marco Lodini ,
I understand that you were experiencing some problems in adding exclusions to rule 931130 RFI Attack: Off-Domain Reference in Application Gateway v2 WAF. The WAF log is as below :
details_message_s: Pattern match ^(?i:file|ftps?|https?)://(.)$; Begin With RequestHeaders:host at TX:rfi_parameter_..
details_data_s: Matched Data: https://contoso.sharepoint.com/<sharepoint site and folder path> found within TX:rfi_parameter_args:sharepointfolderurl: contoso.sharepoint.com/<sharepoint site and folder path>
We discussed this issue offline and collected HAR file to analyze the issue further. We tried a couple of exclusions but they didn't work. So, we created a support case and apparently, it was a propagation delay. You ran tests too soon, before the system could update its configuration and hence the exclusions were not showing up.
The issue was resolved by excluding the parameter name in the Request Args as below:
Request args name contains sharepointfolderurl
Kindly let us know if the above helps or you need further assistance on this issue.
----------------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.