It is common that some applications require certain data in requests that resemble attacks or parts of attacks, and these are picked up by the WAF. In this case you can disable the specific rule, in the group, that is blocking the requests.
The other option is to see what is triggering the rule, and change the app to avoid it. Unofrutnately, unlike traditional, full blown WAF security solutions, the content of F5 rules for AWS WAF is not visible and cannot be viewed. You may send us the HTTP request that was blocked and the name of the rule that matched it and we can provide more information.
About your second question to exclude URIs - The F5 Rule groups only inspect the traffic and match it against the rules to detect possible attacks. Control over which traffic to inspect and which not to is done by the AWS WAF infrastructure.