I’ve posted previously about some Azure WAF rules that you might want to disable. Well, here are some more:
942450 – SQL Hex Encoding Identified
Blocks header values containing something that looks like encoded hex (e.g. ?0x??), which the rule treats as a SQL injection attack.
Unfortunately, this can occur naturally in some cookie values, such as __RequestVerificationToken and ASP.NET_SessionId. We specifically excluded those from processing by 942450.
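To decide which cookies need an exclusion, rather than switching the rule off for everything, you can replay captured Cookie headers through a similar check. This is an added example, not code from the original post: the regex is a simplified stand-in for the rule's hex check (an assumption, not the WAF's actual expression), and the sample headers and the `search` cookie are constructed.

```python
import re
from collections import Counter

# Simplified stand-in for a "looks like a hex literal" check.
# Assumption for illustration; not the expression the WAF rule uses.
HEX_LITERAL = re.compile(r"0x[0-9a-f]{3,}", re.IGNORECASE)

# Cookies the post names as carrying random, framework-generated values.
FRAMEWORK_COOKIES = {"__RequestVerificationToken", "ASP.NET_SessionId"}

def parse_cookies(header):
    """Split a Cookie header value into (name, value) pairs."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            pairs.append((name, value))
    return pairs

def flag_cookies(header):
    """Return {cookie name: matched fragment} for values that look like hex."""
    hits = {}
    for name, value in parse_cookies(header):
        match = HEX_LITERAL.search(value)
        if match:
            hits[name] = match.group(0)
    return hits

def triage(headers):
    """Split flagged cookie names into exclusion candidates and ones to review."""
    counts = Counter()
    for header in headers:
        counts.update(flag_cookies(header).keys())
    exclude = {n: c for n, c in counts.items() if n in FRAMEWORK_COOKIES}
    review = {n: c for n, c in counts.items() if n not in FRAMEWORK_COOKIES}
    return exclude, review

# Constructed sample Cookie headers (not real tokens).
SAMPLE_HEADERS = [
    "ASP.NET_SessionId=kq0x3fa1bzt2m5wd4hcn0eyr; theme=dark",
    "__RequestVerificationToken=Jx7-0xA91Fq_Zt8mNw2; ASP.NET_SessionId=abcdwxyz01234mnopqrstuv5",
    "theme=light; lang=en",
    "search=0x414243; theme=dark",
]

if __name__ == "__main__":
    exclude, review = triage(SAMPLE_HEADERS)
    print("exclude from the rule:", exclude)
    print("keep inspected, review:", review)
```

Only the cookie names in the first result are candidates for a per-cookie exclusion; anything in the second stays inspected by the rule.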
942100 – SQL Injection Attack Detected via libinjection
Very similar to the above, this blocks header values with Unicode-encoded characters, which look like a SQL injection attack.
Again, unfortunately, this can occur naturally in some cookie values, such as __RequestVerificationToken and ASP.NET_SessionId. We specifically excluded those from processing by 942100.
100200 – Badbots
You’d think a rule like this would be safe, wouldn’t you? Unfortunately, it blocked GoogleBot from our site. This was due to our CDN, which forwards GoogleBot’s requests, but from a different (wrong) IP. The rule then judges the request to be from a fraudulent bot, as it does not come from the correct IP address range.
We disabled this rule, in the end, not least as we did have other protections against malicious bots in place at the CDN level.