Web application firewall blocks NAV web client


We are facing a situation that looks rather strange. A client has NAV 2016 installed on an Azure virtual machine. Recently, they enabled the Azure web application firewall, and immediately it started blocking NAV web client. Even the login page triggers some WAF rules like SQL injection attack, cross-site scripting, and a few more. Obviously, we can’t customize anything in the way NAV client communicated with the server, which leaves us with an assumption that Azure application firewall finds NAV platform code unsafe.

Has somebody seen anything like this? Are there any recommendations on security settings for NAV in Azure? Would be great if somebody could share experience of setting WAF security rules on a VM with NAV / BC installation.