add a note for request body match variable

Author: halkazwini

articles/web-application-firewall/afds/waf-sensitive-data-protection-configure-frontdoor.md

@@ -1,11 +1,11 @@
 ---
 title: How to mask sensitive data on Azure Web Application Firewall on Azure Front Door
-description: Learn how to mask sensitive data on Azure Web Application Firewall on Azure Front Door.
+description: Learn how to mask sensitive data on Azure Web Application Firewall (WAF) for Azure Front Door using the log scrubbing feature.
 author: halkazwini
 ms.author: halkazwini
 ms.service: azure-web-application-firewall
 ms.topic: how-to
-ms.date: 06/24/2024
+ms.date: 04/29/2025
 ---
 
 # How to mask sensitive data on Azure Web Application Firewall on Azure Front Door
@@ -17,17 +17,18 @@ The Web Application Firewall's (WAF) Log Scrubbing tool helps you remove sensiti
 
 The following table shows examples of log scrubbing rules that can be used to protect your sensitive data:
 
-| Match Variable | Operator | Selector | What gets scrubbed |
+| Match variable | Operator | Selector | What gets scrubbed |
 | --- | --- | --- | --- |
 | Request Header Names | Equals | keytoblock | {"matchVariableName":"HeaderValue:keytoblock","matchVariableValue":"****"} |
 | Request Cookie Names | Equals | cookietoblock | {"matchVariableName":"CookieValue:cookietoblock","matchVariableValue":"****"} |
-| Request Post Arg Names | Equals | var | {"matchVariableName":"PostParamValue:var","matchVariableValue":"****"} |
-| Request Body JSON Arg Names | Equals | JsonValue | {"matchVariableName":"JsonValue:key","matchVariableValue":"****"} |
+| Request Post Arg Names <sup>1</sup> | Equals | var | {"matchVariableName":"PostParamValue:var","matchVariableValue":"****"} |
+| Request Body JSON Arg Names <sup>1</sup> | Equals | JsonValue | {"matchVariableName":"JsonValue:key","matchVariableValue":"****"} |
 | Query String Arg Names | Equals | foo | {"matchVariableName":"QueryParamValue:foo","matchVariableValue":"****"} |
-| Request IP Address* | Equals Any | NULL | {"matchVariableName":"ClientIP","matchVariableValue":"****"} |
+| Request IP Address <sup>2</sup> | Equals Any | NULL | {"matchVariableName":"ClientIP","matchVariableValue":"****"} |
 | Request URI | Equals Any | NULL | {"matchVariableName":"URI","matchVariableValue":"****"} |
 
-\* Request IP Address and Request URI rules only support the *equals any* operator and scrubs all instances of the requestor's IP address that appears in the WAF logs.
+<sup>1</sup> The whole request body is scrubbed if this rule is triggered and the request content type is `application/x-www-form-urlencoded` or `application/json`.
+<sup>2</sup> Request IP Address and Request URI rules only support the *equals any* operator and scrubs all instances of the requestor's IP address that appears in the WAF logs.
 
 For more information, see [What is Azure Web Application Firewall on Azure Front Door Sensitive Data Protection?](waf-sensitive-data-protection-frontdoor.md)
 
@@ -56,7 +57,7 @@ Repeat to add more rules.
 
 Use the following Azure PowerShell commands to create and configure Log Scrubbing rules for Sensitive Data Protection:
 
-```azurepowershell
+```azurepowershell-interactive
 New-AzFrontDoorWafLogScrubbingRuleObject -MatchVariable <String> -SelectorMatchOperator <String>
  -State <String> [-Selector <String>] [-DefaultProfile <IAzureContextContainer>]
  [<CommonParameters>]
@@ -65,23 +66,22 @@ New-AzFrontDoorWafLogScrubbingSettingObject -ScrubbingRule <PSFrontDoorWafLogScr
  [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
-#### [CLI](#tab/cli)
+#### [Azure CLI](#tab/cli)
 
 Use the following Command Line Interface commands to [create and configure](/cli/azure/network/front-door/waf-policy) Log Scrubbing rules for Sensitive Data Protection:
 
-```CLI
+```azurecli-interactive
 az network front-door waf-policy update -g <MyResourceGroup> -n <MyPolicyName> --log-scrubbing "{scrubbing-rules:[{match-variable:<MatchVariable>,selector-match-operator:<Operator>}],state:<Enabled/Disabled>}"
 ```
 
-
 ---
 
 ## Verify Sensitive Data Protection
 
 To verify your Sensitive Data Protection rules, open the Front Door firewall log and search for _******_ in place of the sensitive fields.
 
-## Next steps
+## Related content
 
+- [What is Azure Web Application Firewall on Azure Front Door Sensitive Data Protection?](waf-sensitive-data-protection-frontdoor.md)
 - [Azure Web Application Firewall monitoring and logging](../afds/waf-front-door-monitor.md)
 - [A Closer Look at Azure WAF’s Data Masking Capabilities for Azure Front Door](https://techcommunity.microsoft.com/t5/azure-network-security-blog/a-closer-look-at-azure-waf-s-data-masking-capabilities-for-azure/ba-p/4167558)
-