Web Application Firewall with Azure Front Door service now supports exclusion lists
Updated: 07 March, 2020
Web Application Firewall exclusion lists allow you to omit certain request attributes from a rule evaluation. Use them to fine tune Web Application Firewall policies for your applications.
Attributes supported for exclusion include request header, cookie, query string, and post args. Apply exclusion lists to all rules within the managed rule set, to rules for a specific rule group, or to a single rule.
An exclusion list can be configured using PowerShell, Azure CLI, Rest API, or the Azure portal.
For more details, please read the WAF exclusion lists overview.