The Confluence CVE-2021-26084 critical vulnerability is in active exploitation, quick mitigation on ASM is to add the following URL to the Disallowed URL:
Make sure that you enable blocking on the 'Ilegal URL' violation.
Patch/update your Confluence:
Link to Confluence Security Advisory - 2021-08-25:
This is how attackers currently bypass WAF:
The "quick mitigation" on ASM is to