Commit 146d2b2

Update application-gateway-waf-configuration.md
Per mail thread (RE: Managed Rules Exclusion | RequestHeaderValues contains both Header and Value?) improving the language around header values/keys in exclusions.
1 parent 3e59c9c commit 146d2b2

1 file changed

+2
-2
lines changed

articles/web-application-firewall/ag/application-gateway-waf-configuration.md

Lines changed: 2 additions & 2 deletions
@@ -54,14 +54,14 @@ For example, suppose your requests include this header:
5454
My-Header: 1=1
5555
```
5656

57-
The value of the header (`1=1`) might be detected as an attack by the WAF. But if you know this is a legitimate value for your scenario, you can configure an exclusion for the *value* of the header. To do so, you use the **RequestHeaderValues** request attribute, and select the header name (`My-Header`) with the value that should be ignored.
57+
The value of the header (`1=1`) might be detected as an attack by the WAF. But if you know this is a legitimate value for your scenario, you can configure an exclusion for the *value* of the header. To do so, you use the **RequestHeaderValues** match variable, the operator **contains**, and the selector (`1=1`).
5858

5959
> [!NOTE]
6060
> Request attributes by key and values are only available in CRS 3.2 and newer.
6161
>
6262
> Request attributes by names work the same way as request attributes by values, and are included for backward compatibility with CRS 3.1 and earlier versions. We recommend you use request attributes by values instead of attributes by names. For example, use **RequestHeaderValues** instead of **RequestHeaderNames**.
6363
64-
In contrast, if your WAF detects the header's name (`My-Header`) as an attack, you could configure an exclusion for the header *key* by using the **RequestHeaderKeys** request attribute. The **RequestHeaderKeys** attribute is only available in CRS 3.2 and newer.
64+
In contrast, your WAF might detect the header's name (`My-Header`) as an attack. You can configure an exclusion for the header *key* by using the **RequestHeaderKeys** match variable, the operator **equals**, and the selector (`My-Header`). The **RequestHeaderKeys** attribute is only available in CRS 3.2 and newer.
6565

6666
## Exclusion scopes
6767

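Review bot: The new line 57 no longer mentions `My-Header` when configuring the exclusion, so it does not say which headers the exclusion covers. With "the operator **contains**, and the selector (`1=1`)", a reader cannot tell whether the exclusion is limited to `My-Header` or applies to every request header whose value contains `1=1`. Please state the resulting scope explicitly in that sentence, since an exclusion that is broader than the reader expects reduces WAF coverage for other headers. Separately, the new line 64 calls **RequestHeaderKeys** a "match variable" and then an "attribute" in its last sentence, and the unchanged NOTE block still says "request attributes"; pick one term, or add a short sentence explaining that they refer to the same thing.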