Already have an open case, they said to post here. REG:117010715144805
Enabling WAF mode in the application gateway is indicating a failure that the request doesn't have an Accept header. However, this check is not valid for a websocket request as the Accept header is not permitted on web sockets on current browsers. We have the WAF in detect only mode at the moment as it completely breaks our app otherwise. From log analytics: ...details_message_s: Warning. Operator EQ matched 0 at REQUEST_HEADERS. ...details_file_s:/owasp_crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf
Any suggestions?