Merge pull request #294368 from MicrosoftDocs/repo_sync_working_branch

Taojunshen · web-flow · commit 3c91e67219e9 · 2025-02-11T06:32:24.000+08:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/application-gateway/configuration-infrastructure.md b/articles/application-gateway/configuration-infrastructure.md
@@ -87,7 +87,9 @@ Depending on whether you're creating new resources or using existing ones, add t
 | Subnet | Use existing| Microsoft.Network/virtualNetworks/subnets/read<br>Microsoft.Network/virtualNetworks/subnets/join/action |
 | IP addresses| Create new| Microsoft.Network/publicIPAddresses/write<br>Microsoft.Network/publicIPAddresses/join/action |
 | IP addresses  | Use existing| Microsoft.Network/publicIPAddresses/read<br>Microsoft.Network/publicIPAddresses/join/action |
-| ApplicationGatewayWebApplicationFirewallPolicies | Create new / Update existing | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/write Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/join/action |
+| ApplicationGatewayWebApplicationFirewallPolicies | Create new / Update existing | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/write 
+Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/read 
+Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/join/action |
 
 For more information, see [Azure permissions for Networking](../role-based-access-control/permissions/networking.md) and [Virtual network permissions](../virtual-network/virtual-network-manage-subnet.md#permissions).
 ## Roles scope
diff --git a/articles/application-gateway/rewrite-http-headers-url.md b/articles/application-gateway/rewrite-http-headers-url.md
@@ -256,7 +256,7 @@ For a URL redirect, Application Gateway sends a redirect response to the client
 - Rewrites aren't supported when the application gateway is configured to redirect the requests or to show a custom error page.
 - Request header names can contain alphanumeric characters and hyphens. Headers names containing other characters will be discarded when a request is sent to the backend target.
 - Response header names can contain any alphanumeric characters and specific symbols as defined in [RFC 7230](https://tools.ietf.org/html/rfc7230#page-27).
-- Connection and upgrade headers cannot be rewritten
+- X-Original-Host, Connection, and upgrade headers cannot be rewritten
 - Rewrites aren't supported for 4xx and 5xx responses generated directly from Application Gateway
 
 ## Next steps
diff --git a/articles/private-link/network-security-perimeter-concepts.md b/articles/private-link/network-security-perimeter-concepts.md
@@ -98,7 +98,8 @@ A network security perimeter-aware private link resource is a PaaS resource that
 | [Storage](/azure/storage/common/storage-network-security#network-secuirty-perimeter-preview)               | Microsoft.Storage/storageAccounts | - |
 
 > [!NOTE]
-> 
+> Refer to the respective private link resource documentation for information on currently unsupported scenarios.
+
 ## Limitations of a network security perimeter
 
 ### Regional limitations
