For our Moodle, we already activated Web Application Firewall service on the Fortigate firewall with the attached settings and still have the same issues.
Most of the issues that we face is SQL injection; appears when the user try to upload a file.
Generic Attacks; when the user try to use some Moodle functions like edit a topic in the course page.