Update application-gateway-waf-configuration.md

Miskatonic-Electronic · web-flow · commit a918ea8ac869 · 2022-10-20T11:07:38.000-07:00
Updating documentation per work item: Task 15492318: Documentation correction for exclusion list case sensitivity https://msazure.visualstudio.com/One/_workitems/edit/15492318 Should be minor updates, but I was a little confused by the explanation in the work item. Open to any feedback on how we can re-word this. It seems the difference between case sensitivity, or insensitivity, is determined by name vs value for request URI and request header. However, when I look at the supported exclusion match variables in the portal, I only see name variables supported. Any insight would be appreciated.
diff --git a/articles/web-application-firewall/ag/application-gateway-waf-configuration.md b/articles/web-application-firewall/ag/application-gateway-waf-configuration.md
@@ -39,6 +39,10 @@ You can specify an exact request header, body, cookie, or query string attribute
 - **Contains**: This operator matches all request fields that contain the specified selector value.
 - **Equals any**: This operator matches all request fields. * will be the selector value.
 
+Request URI query strings are case sensitive. While the scheme and host are case-insensitive and normally provided in lowercase; all other components are compared in a case-sensitive manner. Therefore, exclusion rules for query strings should be written in a case sensitive format.
+
+Request header names are case insensitive. However, request header values are case sensitive. 
+
 In all cases matching is case insensitive. Regular expressions aren't allowed as selectors.
 
 > [!NOTE]
