Merge pull request #89478 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/app-service/app-service-web-get-started-dotnet.md

@@ -85,7 +85,7 @@ Create an ASP.NET Core web app by following these steps:
 
    [!INCLUDE [app-service-plan](../../includes/app-service-plan.md)]
 
-1. For to **Hosting Plan**, select **New**.
+1. For the **Hosting Plan**, select **New**.
 
 1. In the **Configure Hosting Plan** dialog, enter the values from the following table, and then select **OK**.
 

articles/application-gateway/application-gateway-crs-rulegroups-rules.md

@@ -192,6 +192,7 @@ The following rule groups and rules are available when using Application Gateway
 |942270|Looking for basic sql injection. Common attack string for mysql oracle and others.|
 |942290|Finds basic MongoDB SQL injection attempts|
 |942300|Detects MySQL comments, conditions and ch(a)r injections|
+|942310|Detects chained SQL injection attempts 2/2|
 |942320|Detects MySQL and PostgreSQL stored procedure/function injections|
 |942330|Detects classic SQL injection probings 1/2|
 |942340|Detects basic SQL authentication bypass attempts 3/3|

articles/frontdoor/waf-overview.md

@@ -68,7 +68,7 @@ A WAF policy can consist of two types of security rules - custom rules, authored
 
 You can configure custom rules WAF as follows:
 
-- **IP allow list and block list:** You can configure custom rules to control access to your web applications based on a list of client IP addresses or IP address ranges. Both IPv4 and IPv6 address types are supported. This list can be configured to either block or allow those requests where the source IP matches an IP in the list.
+- **IP allow list and block list:** You can configure custom rules to control access to your web applications based on a list of client IP addresses or IP address ranges. Both IPv4 and IPv6 address types are supported. This list can be configured to either block or allow those requests where the source IP matches an IP in the list. A client IP address can be different from the IP address WAF observes, for example, when a client accesses WAF via a proxy. You can create [IP restriction rules](https://docs.microsoft.com/azure/frontdoor/waf-front-door-configure-ip-restriction) based on either Client IP addresses (RemoteAddr) or IP addresses seen by WAF (SocketAddr). Configuration of a SocketAddr IP restriction rule is currently supported using Powershell and Azure CLI.
 
 - **Geographic based access control:** You can configure custom rules to control access to your web applications based on the country code associated with a client’s IP address.
 

articles/key-vault/about-keys-secrets-and-certificates.md

@@ -193,7 +193,7 @@ You can specify additional application-specific metadata in the form of tags. Ke
 
 ###  Key access control
 
-Access control for keys managed by Key Vault is provided at the level of a Key Vault that acts as the container of keys. The access control policy for keys, is distinct from the access control policy for secrets in the same Key Vault. Users may create one or more vaults to hold keys, and are required to maintain scenario appropriate segmentation and management of keys. Access control for keys is independent of access control for secrets.  
+Access control for keys managed by Key Vault is provided at the level of a Key Vault that acts as the container of keys. The access control policy for keys is distinct from the access control policy for secrets in the same Key Vault. Users may create one or more vaults to hold keys, and are required to maintain scenario appropriate segmentation and management of keys. Access control for keys is independent of access control for secrets.  
 
 The following permissions can be granted, on a per user / service principal basis, in the keys access control entry on a vault. These permissions closely mirror the operations allowed on a key object.  Granting access to an service principal in key vault is a onetime operation, and it will remain same for all Azure subscriptions. You can use it to deploy as many certificates as you want. 
 

includes/virtual-machines-managed-disks-overview.md

@@ -40,13 +40,13 @@ You can use [Azure role-based access control (RBAC)](../articles/role-based-acce
 
 ## Encryption
 
-Managed disks offer two different kinds of encryption. The first is Storage Service Encryption (SSE), which is performed by the storage service. The second one is Azure Disk Encryption, which you can enable on the OS and data disks for your VMs.
+Managed disks offer two different kinds of encryption. The first is Storage Service Encryption (SSE), which is performed by the storage service. The second one is Azure Disk Encryption (ADE), which you can enable on the OS and data disks for your VMs.
 
 ### Storage Service Encryption (SSE)
 
 [Azure Storage Service Encryption](../articles/storage/common/storage-service-encryption.md) provides encryption-at-rest and safeguards your data to meet your organizational security and compliance commitments. SSE is enabled by default for all managed disks, snapshots, and images in all the regions where managed disks are available. Visit the [Managed Disks FAQ page](../articles/virtual-machines/windows/faq-for-disks.md#managed-disks-and-storage-service-encryption) for more details.
 
-### Azure Disk Encryption (ADE)
+### Azure Disk Encryption
 
 Azure Disk Encryption allows you to encrypt the OS and Data disks used by an IaaS Virtual Machine. This encryption includes managed disks. For Windows, the drives are encrypted using industry-standard BitLocker encryption technology. For Linux, the disks are encrypted using the DM-Crypt technology. The encryption process is integrated with Azure Key Vault to allow you to control and manage the disk encryption keys. For more information, see [Azure Disk Encryption for IaaS VMs](../articles/security/azure-security-disk-encryption-overview.md).