When disabling block mode for an application, it means that the traffic for the application will be under monitoring and it will not be blocked by any module of FortiAppSec.

However, there is one module that can still hold the user traffic, and the user will complain about traffic being blocked.

This is happening because of the waiting room feature, as per the waiting room feature definition, 'it will trying to avoid overload condition on origin server', when FortiAppSec finds there is huge traffic which can overload the origin server, to avoid this condition FortiAppSec will hold some user traffic, which does not mean that FortiAppSec blocks the traffic.

It will process after some time; the 'waiting room' feature is disabled when block mode is disabled.