Block XSS traffic on my site

Hello, we need block the traffic with contents XSS vulnerabilities, for example:

https:/site.com/catalogsearch/result/?q=%22%20onEvent%3DX158762820Y1Z%20

this is a Reflected Cross-Site Scripting (XSS) vulnerabilities

I activate many rules on WAF on this site, but not working.

Do you can you help-me?