Hello @000,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you are receiving several false positive blocks for your Application Gateway WAF v2 and would like to know the recommended ways to perform the analysis and fix these false positives.
First, you need to make sure that the diagnostic setting is enabled on the Application Gateway to collect the WAF logs.
https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/web-application-firewall-logs
To check the WAF logs, please refer to:
https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/log-analytics
Once you get the logs, you can refer to the document below to understand the WAF logs:
It's entirely normal, and expected in many cases, to create exclusions, custom rules, and even disable rules that may be causing issues or false positives. Per-site and per-URI policies allow for these changes to only affect specific sites/URIs.
So, once you find the requests in the logs which are causing the false positives, you can create exclusions or custom rules or disable the rule entirely depending upon the scenario.
Custom rules: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview
https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/create-custom-waf-rules
If you need help in configuring an exclusion rule, please share the WAF log which is blocking the request, and we could formulate the exclusion rule for the same.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
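
As an added example (not part of the answer above and not Microsoft's code), the log-review step can be scripted so that each blocked request is traced back to the rule, path and matched variable that an exclusion or per-URI policy would target. It assumes the firewall log has been exported as JSON lines carrying the `properties` fields of the `ApplicationGatewayFirewallLog` category, and that the WAF runs in anomaly scoring mode, where the `Blocked` record and the contributing `Matched` records share a `transactionId`; the sample records are constructed.

```python
import json
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample records (not real logs), shaped like the "properties"
# object of ApplicationGatewayFirewallLog entries exported as JSON lines.
SAMPLE_LOG = """\
{"properties":{"transactionId":"t1","action":"Matched","ruleId":"942130","requestUri":"/api/comments?id=7","details":{"data":"Matched Data: 1=1 found within ARGS:body: where 1=1"}}}
{"properties":{"transactionId":"t1","action":"Blocked","ruleId":"949110","requestUri":"/api/comments?id=7","details":{"data":""}}}
{"properties":{"transactionId":"t2","action":"Matched","ruleId":"942130","requestUri":"/api/comments?id=9","details":{"data":"Matched Data: 2=2 found within ARGS:body: or 2=2"}}}
{"properties":{"transactionId":"t2","action":"Blocked","ruleId":"949110","requestUri":"/api/comments?id=9","details":{"data":""}}}
{"properties":{"transactionId":"t3","action":"Matched","ruleId":"920300","requestUri":"/health","details":{"data":""}}}
{"properties":{"transactionId":"t4","action":"Matched","ruleId":"941100","requestUri":"/api/profile","details":{"data":"Matched Data: <b> found within REQUEST_COOKIES:prefs: <b>bold</b>"}}}
{"properties":{"transactionId":"t4","action":"Blocked","ruleId":"949110","requestUri":"/api/profile","details":{"data":""}}}
"""

# Pulls the matched variable (e.g. ARGS:body) out of the details.data text.
VARIABLE_RE = re.compile(r"found within ([A-Z_]+:[^:\s]+)")


def exclusion_candidates(lines):
    """Count (ruleId, path, matched variable) across blocked transactions."""
    by_txn = defaultdict(list)
    for line in lines:
        if line.strip():
            props = json.loads(line)["properties"]
            by_txn[props["transactionId"]].append(props)

    counts = Counter()
    for records in by_txn.values():
        if not any(r["action"] == "Blocked" for r in records):
            continue  # matched but not blocked: nothing to fix here
        for r in records:
            if r["action"] != "Matched":
                continue  # skip the blocking record itself (anomaly score rule)
            m = VARIABLE_RE.search(r.get("details", {}).get("data") or "")
            variable = m.group(1) if m else "(unknown)"
            path = urlsplit(r["requestUri"]).path  # drop the query string
            counts[(r["ruleId"], path, variable)] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (rule, path, var), n in exclusion_candidates(SAMPLE_LOG.splitlines()):
        print(f"{n:3d}  rule {rule}  {path}  {var}")
```

Entries that recur for a known-good field on a single path are the ones to review as candidates for a narrowly scoped exclusion rather than disabling the rule globally.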