Greetings!
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
As you mentioned, the rule ID got matched and the request was then blocked by the default rules of Microsoft_DefaultRuleSet-2.1: 921110
You can refer to the document below regarding the WAF.
Troubleshoot - Azure Web Application Firewall | Microsoft Learn
For more information about exclusion:
- Use exclusion lists.
  For more information about exclusion lists, check Azure Web Application Firewall with Azure Front Door exclusion lists.
- Change WAF actions.
  For more information about what actions can be taken when a request matches a rule's conditions, check
- Use custom rules.
  For more information about custom rules, see Custom rules for Azure Web Application Firewall with Azure Front Door.
- Disable rules.
To understand each of the rules you have to check: owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf at v3.2/dev · SpiderLabs/owasp-modsecurity-crs · GitHub
For example, let's take the rule 921110.
In the above-mentioned article, look for the first three digits and open the link. You will land on: owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf at v3.2/dev · SpiderLabs/owasp-modsecurity-crs · GitHub
Search for the rule "921110".
This will show why exactly the rule is being triggered.
You can see that it has seen something with the request cookie and hence this rule has been triggered.
Some rules are mandatory and cannot be removed. In your scenario, we tried a custom rule for testing and it's working. Further, you have to reach out to your application team to understand ways to mitigate these by checking for other rules.
If the above is unclear and/or you are unsure about something, add a comment below.
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
Regards,
Ganesh
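
Added example, not part of the original answer or of Microsoft's tooling: a short script that reads WAF log records for one rule ID and proposes a per-rule exclusion scoped to the element that matched, which is narrower than disabling rule 921110 outright. The log field layout, the prefix-to-exclusion mapping and the cookie name `session_state` are assumptions, and the sample records are constructed.

```python
import json

# Assumed mapping from the log's matchVariableName prefix to an exclusion match variable.
EXCLUSION_VARIABLE = {
    "CookieValue": "RequestCookieNames",
    "HeaderValue": "RequestHeaderNames",
    "QueryParamValue": "QueryStringArgNames",
    "PostParamValue": "RequestBodyPostArgNames",
}

def _record(rule_name, variable):
    # Builds one constructed log record in the assumed shape (properties.details.matches[]).
    match = {"matchVariableName": variable, "matchVariableValue": "constructed"}
    props = {"ruleName": rule_name, "action": "AnomalyScoring", "details": {"matches": [match]}}
    return json.dumps({"properties": props})

# Constructed sample log: two hits on 921110 from the same cookie, one unrelated rule.
SAMPLE_LOG = "\n".join([
    _record("Microsoft_DefaultRuleSet-2.1-PROTOCOL-ATTACK-921110", "CookieValue:session_state"),
    _record("Microsoft_DefaultRuleSet-2.1-PROTOCOL-ATTACK-921110", "CookieValue:session_state"),
    _record("Microsoft_DefaultRuleSet-2.1-SQLI-942100", "QueryParamValue:q"),
])

def exclusion_candidates(log_text, rule_id):
    """Return de-duplicated exclusion suggestions for requests that matched rule_id."""
    seen, out = set(), []
    for line in log_text.splitlines():
        try:
            props = json.loads(line).get("properties", {})
        except (json.JSONDecodeError, AttributeError):
            continue  # skip blank or malformed lines instead of aborting the review
        if not props.get("ruleName", "").endswith("-" + rule_id):
            continue
        for match in props.get("details", {}).get("matches", []):
            kind, _, name = match.get("matchVariableName", "").partition(":")
            variable = EXCLUSION_VARIABLE.get(kind)
            if variable and name and (variable, name) not in seen:
                seen.add((variable, name))
                # Summary only, not an ARM template; review before applying to a policy.
                out.append({"ruleId": rule_id, "matchVariable": variable,
                            "selectorMatchOperator": "Equals", "selector": name})
    return out

if __name__ == "__main__":
    for candidate in exclusion_candidates(SAMPLE_LOG, "921110"):
        print(candidate)
```

Confirm with the application team that the excluded cookie legitimately carries the flagged content before adding the exclusion, since the rule stops inspecting that element once it is excluded.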