Skip to content

Commit 9edb94b

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #228598 from johndowns/waf-decoded-initial-body-contents
WAF - Describe DecodedInitialBodyContents
2 parents 2b27042 + d148d19 commit 9edb94b

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

articles/web-application-firewall/afds/waf-front-door-exclusion.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: This article provides information on exclusion lists configuration
44
services: web-application-firewall
55
author: vhorne
66
ms.service: web-application-firewall
7-
ms.date: 10/18/2022
7+
ms.date: 03/07/2023
88
ms.author: victorh
99
ms.topic: conceptual
1010
---
@@ -57,9 +57,9 @@ Header and cookie names are case insensitive. Query strings, POST arguments, and
5757

5858
### Body contents inspection
5959

60-
Some of the managed rules evaluate the raw payload of the request body, before it's parsed into POST arguments or JSON arguments. So, in some situations you might see log entries with a matchVariableName of `InitialBodyContents`.
60+
Some of the managed rules evaluate the raw payload of the request body, before it's parsed into POST arguments or JSON arguments. So, in some situations you might see log entries with a matchVariableName of `InitialBodyContents` or `DecodedInitialBodyContents`.
6161

62-
For example, suppose you create an exclusion with a match variable of *Request body POST args* and a selector to identify and ignore POST arguments named *FOO*. You'll no longer see any log entries with a matchVariableName of `PostParamValue:FOO`. However, if a POST argument named *FOO* contains text that triggers a rule, the log might show the detection in the initial body contents.
62+
For example, suppose you create an exclusion with a match variable of *Request body POST args* and a selector to identify and ignore POST arguments named *FOO*. You'll no longer see any log entries with a matchVariableName of `PostParamValue:FOO`. However, if a POST argument named *FOO* contains text that triggers a rule, the log might show the detection in the initial body contents. You can't currently create exclusions for initial body contents.
6363

6464
## <a name="define-exclusion-based-on-web-application-firewall-logs"></a> Define exclusion rules based on Web Application Firewall logs
6565

0 commit comments

Comments
 (0)