I would like to ask you for help in creating an Azure WAF rule exclusion.
You can see the blocked URL details here: https://imgur.com/B2cLtbd (blocked by Anomaly score) or below:
requestUri_s
/Account/RegisterConfirmation?userId=CODE&code=CODE&redirectUrl=https://XYXYXYXY.com/EventRegistration/RegisterLink?parentId=CODE
ruleSetVersion_s
3.2
ruleId_s
931130
action_s
Matched
details_message_s
Pattern match ^(?i:file|ftps?|https?)://(.*)$; Begin With RequestHeaders:host at TX:rfi_parameter_.*.
details_data_s
{https://XYXYXYXY.com/EventRegistration/RegisterLink?parentId=CODE found within [ARGS:redirectUrl:https://XYXYXYXY.com/EventRegistration/RegisterLink?parentId=CODE]} and { found within [TX:rfi_parameter_args:redirecturl:XYXYXYXY.com/EventRegistration/RegisterLink?parentId=CODE]}
details_file_s
REQUEST-931-APPLICATION-ATTACK-RFI.conf
. .
SOLVED This got solved by adding exclusion to the mentioned rule:
Req Arg Nam > Contains > redirectUrl Refering to the last Example: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-configuration?tabs=portal#next-steps