...

  • PathPattern is a list of path patterns to match. Each must start with "/", and the only place a "*" is allowed is at the end, following a "/".

...

WAF Policy Priorities

  • Azure Web Application Firewall (WAF) policy overview

  • These policies are then associated with an application gateway (global), a listener (per-site), or a path-based rule (per-URI) for them to take effect.

  • When you associate a WAF policy globally, every site behind your Application Gateway WAF is protected with the same managed rules, custom rules, exclusions, and any other configured settings.

    • If you want a single policy to apply to all sites, you can associate the policy with the application gateway.

  • With per-site WAF policies, you can protect multiple sites with differing security needs behind a single WAF.

    • For example, if there are five sites behind your WAF, you can have five separate WAF policies (one for each listener) to customize the exclusions, custom rules, managed rule sets, and all other WAF settings for each site.

    • Say your application gateway has a global policy applied to it.

      • Then you apply a different policy to a listener on that application gateway.

      • The listener's policy now takes effect for just that listener.

      • The application gateway’s global policy still applies to all other listeners and path-based rules that don't have a specific policy assigned to them.

    • For even more customization down to the URI level, you can associate a WAF policy with a path-based rule. If there are certain pages within a single site that require different policies, you can make changes to the WAF policy that only affect a given URI.

  • Priority value: Determines the rule evaluation order.

    • The lower the value, the earlier the evaluation of the rule. The allowable range is from 1 to 100.

    • Must be unique across all custom rules.

    • A rule with priority 40 is evaluated before a rule with priority 80.
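
The association and priority rules above, as an added example (a simplified Python model, not Azure's implementation or code from the original page). It assumes the most specific association wins and that path rules are checked in listed order; every policy, listener and rule name is a constructed sample value.

```python
# Added example: simplified model of WAF policy association and rule priority.
# Names and topology are constructed; this is not Azure's own code.

def valid_path_pattern(p):
    """Must start with '/'; '*' allowed only as the last char, right after '/'."""
    if not p.startswith("/"):
        return False
    star = p.find("*")
    return star == -1 or (star == len(p) - 1 and p[star - 1] == "/")

def path_matches(pattern, path):
    if pattern.endswith("/*"):
        return path.startswith(pattern[:-1])  # "/admin/*" matches "/admin/x"
    return path == pattern

def effective_policy(gateway, listener_name, path):
    """Assumed precedence: path-based rule, then listener, then global."""
    listener = gateway["listeners"][listener_name]
    for rule in listener.get("path_rules", []):  # assumed: listed order
        if rule.get("policy") and any(path_matches(p, path) for p in rule["patterns"]):
            return rule["policy"]
    return listener.get("policy") or gateway["policy"]

def evaluation_order(custom_rules):
    """Check priorities (unique, 1 to 100); return names in evaluation order."""
    seen = set()
    for r in custom_rules:
        prio = r["priority"]
        if not 1 <= prio <= 100:
            raise ValueError(f"{r['name']}: priority {prio} outside 1-100")
        if prio in seen:
            raise ValueError(f"{r['name']}: duplicate priority {prio}")
        seen.add(prio)
    return [r["name"] for r in sorted(custom_rules, key=lambda r: r["priority"])]

GATEWAY = {  # constructed sample topology
    "policy": "global-policy",
    "listeners": {
        "shop": {"policy": "shop-policy",
                 "path_rules": [{"patterns": ["/admin/*"], "policy": "admin-policy"},
                                {"patterns": ["/static/*"], "policy": None}]},
        "blog": {"policy": None},
    },
}

if __name__ == "__main__":
    for name, path in [("shop", "/admin/users"), ("shop", "/cart"), ("blog", "/post/1")]:
        print(name, path, "->", effective_policy(GATEWAY, name, path))
    print(evaluation_order([{"name": "geo-block", "priority": 80},
                            {"name": "allow-office", "priority": 40}]))
```

Running a resolver like this over an exported gateway configuration shows which listeners and paths still fall back to the global policy, which is where an unintended gap or an overly broad exclusion tends to hide.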