![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 7.000000000000001%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVL%3C/text%3E%3C/svg%3E)
Azure Web Application Firewall
An Azure service that provides protection for web apps.
328 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 81%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
- As the rule 949110 is a mandatory rule, so that cannot be disabled, and which gets triggered when the anomaly score meets the threshold. For your reference: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules?tabs=drs21#anomaly-scoring
- There might be a chance that the 942440 rule is affecting the Anomaly score to increase.
- If you feel it is a false positive one you can disable it or create an exclusion list or else create a custom rule.
- As per the document the rule 942440 is replaced by MSTIC rule 99031002.
Kindly let us know if the above helps or you need further assistance on this issue.
Thanks,
Sai Prasanna.