Update application-gateway-waf-configuration.md

ZarrVenkat · web-flow · commit 95a4dae8f269 · 2023-04-28T15:10:50.000+05:30
diff --git a/articles/web-application-firewall/ag/application-gateway-waf-configuration.md b/articles/web-application-firewall/ag/application-gateway-waf-configuration.md
@@ -57,11 +57,11 @@ My-Header: 1=1
 The value of the header (`1=1`) might be detected as an attack by the WAF. But if you know this is a legitimate value for your scenario, you can configure an exclusion for the *value* of the header. To do so, you use the **RequestHeaderValues** match variable, the operator **contains**, and the selector (`My-Header`).
 
 > [!NOTE]
-> Request attributes by key and values are only available in CRS 3.2 or newer and Bot Manager 1.0 or newer.
+> Request attributes by key and values are only available in DRS 2.1 / CRS 3.2 or newer and Bot Manager 1.0 or newer.
 >
 > Request attributes by names work the same way as request attributes by values, and are included for backward compatibility with CRS 3.1 and earlier versions. We recommend you use request attributes by values instead of attributes by names. For example, use **RequestHeaderValues** instead of **RequestHeaderNames**.
 
-In contrast, if your WAF detects the header's name (`My-Header`) as an attack, you could configure an exclusion for the header *key* by using the **RequestHeaderKeys** request attribute. The **RequestHeaderKeys** attribute is only available in CRS 3.2 or newer and Bot Manager 1.0 or newer.
+In contrast, if your WAF detects the header's name (`My-Header`) as an attack, you could configure an exclusion for the header *key* by using the **RequestHeaderKeys** request attribute. The **RequestHeaderKeys** attribute is only available in DRS 2.1 / CRS 3.2 or newer and Bot Manager 1.0 or newer.
 
 ## Exclusion scopes
 
@@ -74,7 +74,7 @@ Exclusions can be configured to apply to a specific set of WAF rules, to ruleset
 
 You can configure an exclusion for a specific rule, group of rules, or rule set. You must specify the rule or rules that the exclusion applies to. You also need to specify the request attribute that should be excluded from the WAF evaluation. To exclude a complete group of rules, only provide the `ruleGroupName` parameter, the `rules` parameter is only useful when you want to limit the exclusion to specific rules of a group.
 
-Per-rule exclusions are available when you use the OWASP (CRS) ruleset version 3.2 or later or Bot Manager ruleset version 1.0 or later.
+Per-rule exclusions are available when you use the DRS ruleset versions 2.1 / OWASP (CRS) ruleset version 3.2 or later or Bot Manager ruleset version 1.0 or later.
 
 #### Example
 
