undo move js location

Author: vhorne

.openpublishing.redirection.json

@@ -2608,12 +2608,6 @@
             "redirect_url": "/azure/web-application-firewall/cdn/cdn-overview",
             "redirect_document_id": false
         },
-        {
-            "source_path_from_root": "/articles/web-application-firewall/waf-javascript-challenge.md",
-            "redirect_url": "/azure/web-application-firewall/afds/waf-javascript-challenge",
-            "redirect_document_id": false
-        },
-
         {
             "source_path_from_root": "/articles/web-application-firewall/ag/whats-new.md",
             "redirect_url": "/azure/web-application-firewall/ag/ag-overview#whats-new",

articles/web-application-firewall/toc.yml

@@ -87,8 +87,6 @@ items:
       href: ./afds/waf-front-door-rate-limit.md
     - name: Geo-filtering
       href: ./afds/waf-front-door-geo-filtering.md
-    - name: JavaScript challenge
-      href: ./afds/waf-javascript-challenge.md
     - name: Best practices
       href: ./afds/waf-front-door-best-practices.md
     - name: FAQ
@@ -103,6 +101,8 @@ items:
       href: waf-copilot.md
   - name: WAF and Azure Policy
     href: ./shared/waf-azure-policy.md
+  - name: JavaScript challenge
+    href: ./afds/waf-javascript-challenge.md
 - name: How-to guides
   items:
   - name: Application Gateway

articles/web-application-firewall/afds/waf-javascript-challenge.md renamed to articles/web-application-firewall/waf-javascript-challenge.md

@@ -27,11 +27,11 @@ The JavaScript challenge is an invisible web challenge used to distinguish betwe
 
 Here's an example JavaScript challenge page:
 
-:::image type="content" source="../media/waf-javascript-challenge/javascript-challenge-page.png" alt-text="Screenshot showing the JavaScript challenge page.":::
+:::image type="content" source="media/waf-javascript-challenge/javascript-challenge-page.png" alt-text="Screenshot showing the JavaScript challenge page.":::
 
 ## Expiration
 
-The WAF policy setting defines the JavaScript challenge cookie validity lifetime in minutes. The user is challenged after the lifetime expires. The lifetime is an integer between 5 and 1440 and the default is 30 minutes. The JavaScript challenge cookie name is `afd_azwaf_jsclearance`.
+The WAF policy setting defines the JavaScript challenge cookie validity lifetime in minutes. The user is challenged after the lifetime expires. The lifetime is an integer between 5 and 1440 minutes and the default is 30 minutes. The JavaScript challenge cookie name is `afd_azwaf_jsclearance` on Azure Front Door, and `appgw_azwaf_jsclearance` on Azure Application Gateway.
 
 > [!NOTE]
 > The JavaScript challenge expiration cookie is injected into the user’s browser after successfully completing the challenge.
@@ -42,4 +42,5 @@ The WAF policy setting defines the JavaScript challenge cookie validity lifetime
 - If the first call that receives a JavaScript challenge has a POST body size greater than 128 KB, it blocks it. Additionally, challenges for non-HTML resources embedded in a page aren't supported. For example images, css, js, and so on. However, if there's a prior successful JavaScript challenge request, then the previous limitations are removed.
 - The challenge isn't supported on Microsoft Internet Explorer. The challenge is supported on the latest versions of the Microsoft Edge, Chrome, Firefox, and Safari web browsers.
 - Cross-origin resource sharing (CORS) requests result in a challenge loop. If you visit a page that triggers the JavaScript challenge action from a domain that isn't the same as the domain running the JavaScript challenge, you're challenged regardless of prior challenge passes.
-- If one IP address receives the JavaScript challenge and a different IP address solves it, the computation result becomes invalid, potentially causing a challenge loop.
+- If one IP address receives the JavaScript challenge, and a different IP address that belongs to the same domain solves it, the computation result becomes invalid, potentially causing a challenge loop.
+- The JavaScript Challenge action on Web Application Firewall on Application Gateway is not supported for *Rate Limit* type custom rules during the public preview.