I saw other threads. Even confused. I have enabled url normalization and removed percent encoding firewall rule. It says url normalization is applied in these HTTP fields:
http.request.uri.path http.request.full_uri http.request.uri
My question is: I have a firewall rule about
http.request.uri.query contains "%3Cscript"
Should I remove it?
As it is uri.query not uri.path or full_uri or uri, will url normalization impact this?