Which exactly issue do you have? Please attach audit or debug log or PM it to me.
Many, many 403s with the same characteristics:
Request:
GET /<>/
Action Description:
Access denied with code 403 (phase 2).
Justification:
Matched phrase “/via/” at TX:header_name.
All users reporting this are on AT&T.
Exclude /via/ from userdata_bl_headers or just download fresh rules if you are using standalone CWAF.