diff --git a/internal/services/network/validate/web_application_firewall_policy.go b/internal/services/network/validate/web_application_firewall_policy.go
index 6cc5dbce8e46..324410e739f1 100644
--- a/internal/services/network/validate/web_application_firewall_policy.go
+++ b/internal/services/network/validate/web_application_firewall_policy.go
@@ -7,6 +7,8 @@ import (
 "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
 )
 
+// ValidateWebApplicationFirewallPolicyRuleGroupName the following command will return a list of available Rule Group Names with information on whether the rules are GA, Deprecated, etc.:
+// az rest --method get --url “https://management.azure.com/subscriptions/{subscription_id_here}/providers/Microsoft.Network/locations/{location}/applicationGatewayWafDynamicManifests/default?api-version=2023-05-01” --query “properties.availableRuleSets[].ruleGroups[].ruleGroupName” | sort | uniq
 var ValidateWebApplicationFirewallPolicyRuleGroupName = validation.StringInSlice([]string{
 "BadBots",
 "crs_20_protocol_violations",
@@ -19,8 +21,10 @@ var ValidateWebApplicationFirewallPolicyRuleGroupName = validation.StringInSlice
 "crs_41_xss_attacks",
 "crs_42_tight_security",
 "crs_45_trojans",
+ "crs_49_inbound_blocking",
 "General",
 "GoodBots",
+ "KnownBadBots",
 "Known-CVEs",
 "REQUEST-911-METHOD-ENFORCEMENT",
 "REQUEST-913-SCANNER-DETECTION",
@@ -38,15 +42,15 @@ var ValidateWebApplicationFirewallPolicyRuleGroupName = validation.StringInSlice
 "METHOD-ENFORCEMENT",
 "PROTOCOL-ENFORCEMENT",
 "PROTOCOL-ATTACK",
- "APPLICATION-ATTACK-LFI",
- "APPLICATION-ATTACK-RFI",
- "APPLICATION-ATTACK-RCE",
- "APPLICATION-ATTACK-PHP",
- "APPLICATION-ATTACK-NodeJS",
- "APPLICATION-ATTACK-XSS",
- "APPLICATION-ATTACK-SQLI",
- "APPLICATION-ATTACK-SESSION-FIXATION",
- "APPLICATION-ATTACK-SESSION-JAVA",
+ "LFI",
+ "RFI",
+ "RCE",
+ "PHP",
+ "NODEJS",
+ "XSS",
+ "SQLI",
+ "FIX",
+ "JAVA",
 "MS-ThreatIntel-WebShells",
 "MS-ThreatIntel-AppSec",
 "MS-ThreatIntel-SQLI",
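Review bot: The `az rest` command in the new doc comment wraps the `--url` value and the `--query` expression in typographic quotes (“ ”), so pasting it into a shell passes the quote characters through as literal bytes of the URL and the JMESPath query and the request fails; replace them with plain ASCII `"`. The comment also does not follow the Go doc-comment form for an exported identifier, which should open with the name and what it does, e.g. `// ValidateWebApplicationFirewallPolicyRuleGroupName validates a rule_group_override name against the rule group names published in the Application Gateway WAF dynamic manifest.` with the lookup command on the following lines. Since the manifest endpoint is keyed by `{subscription_id_here}` and `{location}`, it is worth saying in the comment that this allow-list is a snapshot and that the manifest for the target region is the authoritative source when a name is rejected.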
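Review bot: Removing the nine `APPLICATION-ATTACK-*` entries from the allow-list turns every existing configuration that names one of them in a `rule_group_override` into a plan-time validation error, and this validator is only a client-side mirror of what the service accepts, so that is a breaking change for users who tuned those groups. Unless the service has actually stopped accepting the old names (the manifest query in the new doc comment would confirm that per region), keep the nine removed strings alongside the new `LFI`, `RFI`, … entries so existing state keeps applying, and document the old names as deprecated instead; if they really are gone, the removal needs an explicit upgrade note rather than a silent drop. Also note that `NODEJS` replaces the mixed-case `APPLICATION-ATTACK-NodeJS` and `FIX` replaces `APPLICATION-ATTACK-SESSION-FIXATION`; whether `StringInSlice` is called with case-insensitive matching is decided by an argument outside this hunk, so these exact spellings should be checked against the manifest output rather than inferred from the rule-ID prefixes. The `[]string{` literal and the `StringInSlice` call end outside the hunk.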
diff --git a/internal/services/network/web_application_firewall_policy_resource_test.go b/internal/services/network/web_application_firewall_policy_resource_test.go
index f8f40278b81d..96eecd083562 100644
--- a/internal/services/network/web_application_firewall_policy_resource_test.go
+++ b/internal/services/network/web_application_firewall_policy_resource_test.go
@@ -1421,6 +1421,87 @@ resource "azurerm_web_application_firewall_policy" "test" {
 action = "Log"
 }
 }
+
+ rule_group_override {
+ rule_group_name = "LFI"
+ rule {
+ id = "930100"
+ enabled = false
+ action = "Log"
+ }
+ }
+
+ rule_group_override {
+ rule_group_name = "RFI"
+ rule {
+ id = "931100"
+ enabled = false
+ action = "Log"
+ }
+ }
+
+ rule_group_override {
+ rule_group_name = "RCE"
+ rule {
+ id = "932100"
+ enabled = false
+ action = "Log"
+ }
+ }
+
+ rule_group_override {
+ rule_group_name = "PHP"
+ rule {
+ id = "933100"
+ enabled = false
+ action = "Log"
+ }
+ }
+
+ rule_group_override {
+ rule_group_name = "NODEJS"
+ rule {
+ id = "934100"
+ enabled = false
+ action = "Log"
+ }
+ }
+
+ rule_group_override {
+ rule_group_name = "XSS"
+ rule {
+ id = "941100"
+ enabled = false
+ action = "Log"
+ }
+ }
+
+ rule_group_override {
+ rule_group_name = "SQLI"
+ rule {
+ id = "942100"
+ enabled = false
+ action = "Log"
+ }
+ }
+
+ rule_group_override {
+ rule_group_name = "FIX"
+ rule {
+ id = "943100"
+ enabled = false
+ action = "Log"
+ }
+ }
+
+ rule_group_override {
+ rule_group_name = "JAVA"
+ rule {
+ id = "944100"
+ enabled = false
+ action = "Log"
+ }
+ }
 }
 }
 }
diff --git a/website/docs/r/web_application_firewall_policy.html.markdown b/website/docs/r/web_application_firewall_policy.html.markdown
index eafb6604b286..c4b7ab10eac5 100644
--- a/website/docs/r/web_application_firewall_policy.html.markdown
+++ b/website/docs/r/web_application_firewall_policy.html.markdown
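Review bot: The new overrides exercise the nine renamed groups, but as far as this hunk shows nothing covers the two other names this change adds to the validator (`crs_49_inbound_blocking` and `KnownBadBots`), so a name the service rejects would not be caught by the acceptance test; consider adding a `rule_group_override` for each with a rule id from that group, under their own `managed_rule_set` block if they belong to a different rule set type than the one this fixture configures. Every added block pairs `enabled = false` with `action = "Log"`, which only exercises the disable path; one override that keeps the rule enabled with a non-default action would also confirm the action is accepted for these group names, though whether `action` is sent for disabled rules is not visible here. The enclosing test configuration starts before this hunk.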
@@ -245,7 +245,7 @@ The `managed_rule_set` block supports the following: The `rule_group_override` block supports the following: -* `rule_group_name` - (Required) The name of the Rule Group. Possible values are `BadBots`, `crs_20_protocol_violations`, `crs_21_protocol_anomalies`, `crs_23_request_limits`, `crs_30_http_policy`, `crs_35_bad_robots`, `crs_40_generic_attacks`, `crs_41_sql_injection_attacks`, `crs_41_xss_attacks`, `crs_42_tight_security`, `crs_45_trojans`, `General`, `GoodBots`, `Known-CVEs`, `REQUEST-911-METHOD-ENFORCEMENT`, `REQUEST-913-SCANNER-DETECTION`, `REQUEST-920-PROTOCOL-ENFORCEMENT`, `REQUEST-921-PROTOCOL-ATTACK`, `REQUEST-930-APPLICATION-ATTACK-LFI`, `REQUEST-931-APPLICATION-ATTACK-RFI`, `REQUEST-932-APPLICATION-ATTACK-RCE`, `REQUEST-933-APPLICATION-ATTACK-PHP`, `REQUEST-941-APPLICATION-ATTACK-XSS`, `REQUEST-942-APPLICATION-ATTACK-SQLI`, `REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION`, `REQUEST-944-APPLICATION-ATTACK-JAVA` `UnknownBots`, `METHOD-ENFORCEMENT`, `PROTOCOL-ENFORCEMENT`, `PROTOCOL-ATTACK`, `APPLICATION-ATTACK-LFI`, `APPLICATION-ATTACK-RFI`, `APPLICATION-ATTACK-RCE`, `APPLICATION-ATTACK-PHP`, `APPLICATION-ATTACK-NodeJS`, `APPLICATION-ATTACK-XSS`, `APPLICATION-ATTACK-SQLI`, `APPLICATION-ATTACK-SESSION-FIXATION`, `APPLICATION-ATTACK-SESSION-JAVA`, `MS-ThreatIntel-WebShells`, +* `rule_group_name` - (Required) The name of the Rule Group. 
Possible values are `BadBots`, `crs_20_protocol_violations`, `crs_21_protocol_anomalies`, `crs_23_request_limits`, `crs_30_http_policy`, `crs_35_bad_robots`, `crs_40_generic_attacks`, `crs_41_sql_injection_attacks`, `crs_41_xss_attacks`, `crs_42_tight_security`, `crs_45_trojans`, `crs_49_inbound_blocking`, General`, `GoodBots`, `KnownBadBots`, `Known-CVEs`, `REQUEST-911-METHOD-ENFORCEMENT`, `REQUEST-913-SCANNER-DETECTION`, `REQUEST-920-PROTOCOL-ENFORCEMENT`, `REQUEST-921-PROTOCOL-ATTACK`, `REQUEST-930-APPLICATION-ATTACK-LFI`, `REQUEST-931-APPLICATION-ATTACK-RFI`, `REQUEST-932-APPLICATION-ATTACK-RCE`, `REQUEST-933-APPLICATION-ATTACK-PHP`, `REQUEST-941-APPLICATION-ATTACK-XSS`, `REQUEST-942-APPLICATION-ATTACK-SQLI`, `REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION`, `REQUEST-944-APPLICATION-ATTACK-JAVA` `UnknownBots`, `METHOD-ENFORCEMENT`, `PROTOCOL-ENFORCEMENT`, `PROTOCOL-ATTACK`, `LFI`, `RFI`, `RCE`, `PHP`, `NODEJS`, `XSS`, `SQLI`, `FIX`, `JAVA`, `MS-ThreatIntel-WebShells`, * `rule` - (Optional) One or more `rule` block defined below.