You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/web-application-firewall/ag/application-gateway-waf-configuration.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: This article provides information on Web Application Firewall exclu
4
4
services: web-application-firewall
5
5
author: vhorne
6
6
ms.service: azure-web-application-firewall
7
-
ms.date: 05/17/2023
7
+
ms.date: 01/13/2025
8
8
ms.author: victorh
9
9
ms.topic: concept-article
10
10
ms.custom: devx-track-azurepowershell
@@ -37,9 +37,9 @@ You can specify an exact request header, body, cookie, or query string attribute
37
37
-**Starts with**: This operator matches all fields that start with the specified selector value.
38
38
-**Ends with**: This operator matches all request fields that end with the specified selector value.
39
39
-**Contains**: This operator matches all request fields that contain the specified selector value.
40
-
-**Equals any**: This operator matches all request fields. * will be the selector value. For example, you would use this operator when you don't know the exact values for a given match variable but want to make sure that the request traffic still gets excluded from rules evaluation.
40
+
-**Equals any**: This operator matches all request fields. * is the selector value. For example, you would use this operator when you don't know the exact values for a given match variable but want to make sure that the request traffic still gets excluded from rules evaluation.
41
41
42
-
When processing exclusions the WAF engine performs a case sensitive/insensitive match based on the below table. Additionally, regular expressions aren't allowed as selectors and XML request bodies aren't supported.
42
+
When processing exclusions the WAF engine performs a case sensitive/insensitive match based on the following table. Additionally, regular expressions aren't allowed as selectors and XML request bodies aren't supported.
43
43
44
44
| Request Body Part | CRS 3.1 and Earlier | CRS 3.2 and Later |
45
45
|-|-|-|
@@ -77,7 +77,7 @@ In contrast, if your WAF detects the header's name (`My-Header`) as an attack, y
77
77
78
78
#### Request attribute examples
79
79
80
-
The below table shows some examples of how you might structure your exclusion for a given match variable.
80
+
The following table shows some examples of how you might structure your exclusion for a given match variable.
81
81
82
82
| Attribute to Exclude | matchVariable | selectorMatchOperator | Example selector | Example request | What gets excluded |
So if the URL `http://www.contoso.com/?user%3c%3e=joe` is scanned by the WAF, it won't evaluate the string **joe**, but it still evaluates the parameter name **user%3c%3e**.
529
+
So if the URL `http://www.contoso.com/?user%3c%3e=joe` is scanned by the WAF, it doesn't evaluate the string **joe**, but it still evaluates the parameter name **user%3c%3e**.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments