Confuse in Azure WAF behavior with different browsers

Copper Contributor



I have an Azure Application gateway (WAF) that prevention mode is enabled and the OWASP 3 and the Microsoft Bot rule are activate.
I checked my web application with chrome and refresh and sent many requests with Chrome. Now I received 403 Forbidden. I checked the logs the reason is: 

requestUri_s: /auth/login
requestUri_s: /favicon.ico
Message: SQL Comment Sequence Detected.

But when I open my web application with Edge, it's work well. (Same system and same IP)
1.  What's the reason?
2. How to fix?
If I disable this role, there are risks.
If I trust my IP, I couldn't check and QA my web app.

1 Reply



Better to obtain diagnosis log on more detail between different behavior