Commit 2f7cef6

Merge pull request #114455 from winthrop28/patch-99
updating to add tuning caveat
2 parents c3791c0 + 0c47ad9 commit 2f7cef6

1 file changed

+2
-0
lines changed

articles/web-application-firewall/ag/web-application-firewall-troubleshoot.md

@@ -15,6 +15,8 @@ There are a few things you can do if requests that should pass through your Web
1515

1616
First, ensure you’ve read the [WAF overview](ag-overview.md) and the [WAF configuration](application-gateway-waf-configuration.md) documents. Also, make sure you’ve enabled [WAF monitoring](../../application-gateway/application-gateway-diagnostics.md) These articles explain how the WAF functions, how the WAF rule sets work, and how to access WAF logs.
1717

18+
The OWASP rulesets are designed to be very strict out of the box, and to be tuned to suit the specific needs of the application or organization using WAF. It is entirely normal, and actually expected in many cases, to create exclusions, custom rules, and even disable rules that may be causing issues or false positives. Per-site and per-URI policies allow for these changes to only affect specific sites/URIs, so any changes shouldn’t have to affect other sites that may not be running into the same issues.
19+
1820
## Understanding WAF logs
1921

2022
The purpose of WAF logs is to show every request that is matched or blocked by the WAF. It is a ledger of all evaluated requests that are matched or blocked. If you notice that the WAF blocks a request that it shouldn't (a false positive), you can do a few things. First, narrow down, and find the specific request. Look through the logs to find the specific URI, timestamp, or transaction ID of the request. When you find the associated log entries, you can begin to act on the false positives.
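
Review bot: The added paragraph at new line 18 lists "disable rules" alongside exclusions and custom rules without saying which to reach for first, and it sits ahead of the "Understanding WAF logs" section, so a reader can take it as a go-ahead to turn rules off before identifying the blocked request and the rule that matched it. Suggest saying that tuning starts from the log entries for the affected request and that the narrowest change (an exclusion, or a per-site/per-URI policy) is preferred over disabling a rule. Two smaller points: the paragraph names exclusions, custom rules and per-site/per-URI policies but links to none of them, unlike the paragraph above it, and "rulesets" is written "rule sets" in the context line at 16; "shouldn't have to affect" would also read more plainly as "don't have to affect".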
