Azure Waf restrict login URL's

We want the pages “域名售卖” and “域名售卖” to be inaccessible from the internet. Now we have it in Azure published through an Azure Waf, but we can’t get with waf deny rules to restrict those URis. It seems that by having the # symbol the WAF does not take them as part of the URL.
What solution is there?