FortiAppSec Cloud
FortiAppSec Cloud delivers unified application security and performance with WAF, bot protection, GSLB, DDoS mitigation, threat analytics, and CDN.
guptas
Staff
Article Id 387667
Description: This article describes the Duplicate Parameter Name attack log details.
Scope: FortiAppSec Cloud.
Solution

FortiAppSec Cloud detects duplicate parameter names in requests once the 'Duplicate Parameter Name' option is enabled in Access Rules -> Request Limits.


[Screenshot: Duplicate Parameter Name.png]

The attack logs below show that FortiAppSec Cloud detected a field parameter name that repeats more than once. FortiAppSec Cloud blocked the traffic because the action was set to Alert&Deny in the module settings.

 

[Screenshot: Attack Log Duplicate parameter.png]

[Screenshot: Details.png]

 

Note: There is no way to bypass this action other than changing the Action of the module to Alert or adding the user's IP address to the trust list. However, a trusted IP address bypasses all modules, so make sure that the trusted IP will not send malicious traffic.
If the above changes cannot be made, the administrator has to remove the duplicate parameter at the application level itself.
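
One way to find which of an application's requests carry a repeated parameter name, so they can be fixed at the application level, is sketched below; this is an added example, not FortiAppSec Cloud's own detection logic. It assumes names are compared after percent-decoding and that the query string and a form-encoded body are checked separately; the function names and sample requests are constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

FORM_TYPE = "application/x-www-form-urlencoded"


def duplicate_names(encoded):
    """Return {name: count} for parameter names that occur more than once.

    parse_qsl percent-decodes names, so 'id' and 'i%64' count as the same name.
    """
    pairs = parse_qsl(encoded, keep_blank_values=True)
    counts = Counter(name for name, _value in pairs)
    return {name: n for name, n in counts.items() if n > 1}


def audit_request(url, body="", content_type=""):
    """Report repeated names per location ('query' and/or 'body') for one request."""
    findings = {}
    dups = duplicate_names(urlsplit(url).query)
    if dups:
        findings["query"] = dups
    # Only a form-encoded body carries name=value parameters; ignore other types.
    media_type = content_type.split(";")[0].strip().lower()
    if media_type == FORM_TYPE:
        dups = duplicate_names(body)
        if dups:
            findings["body"] = dups
    return findings


# Constructed sample requests: (url, body, content type)
SAMPLES = [
    ("/cart?item=1&qty=2", "", ""),
    ("/search?tag=a&tag=b&tag=c", "", ""),
    ("/p?id=1&i%64=2", "", ""),
    ("/login", "user=a&pass=b&user=c", FORM_TYPE + "; charset=UTF-8"),
]

if __name__ == "__main__":
    for url, body, ctype in SAMPLES:
        result = audit_request(url, body, ctype)
        print(url, "->", result if result else "no duplicate parameter names")
```

HTML checkbox groups and multi-select fields legitimately submit the same name several times, so pages that use them are the likeliest to need changes before the module action is set to Alert&Deny.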