Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I see you are using OWASP 3.0 RuleSet with Microsoft BotRule.
From what I can see, you have to tune your WAF by disabling the rule only. It looks like this rule is prone to false positives.
See here (from AFD WAF document)
Should you feel that a rule is blocking legitimate requests (false positives), you can
- Disable the rule: See Tuning of Managed rule sets
- or create exclusions: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-configuration?tabs=portal
- or create a custom rule: Custom rules for Web Application Firewall
to overcome this.
Please refer to the Official OWASP Rule definition,
REQUEST-942-APPLICATION-ATTACK-SQLI.conf : https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
The Microsoft Threat Intelligence Collection rules would cover this with the Rule 99031002.
- I got a confirmation from our Product Team that this covers DRS only.
- If you would like to make use of Microsoft Threat Intelligence Collection rules, please consider upgrading to DRS Rule set.
Cheers,
Kapil