Apply suggestions from code review

securitypedant · hyperlint-ai[bot] · web-flow · commit 7270408ba376 · 2024-11-27T14:23:37.000-08:00
Co-authored-by: hyperlint-ai[bot] &lt;154288675+hyperlint-ai[bot]@users.noreply.github.com&gt;
diff --git a/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx b/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx
@@ -150,7 +150,7 @@ Each rule is a filter to determine which users this policy is going to affect. T
 
 - **Require** rules set mandatory conditions that must be met for access to be granted. Unlike Include rules, "Require" rules use AND logic — every rule must be met. This is typically used to layer security on top of the basic access criteria defined by Include rules. For example, administrators can require that anyone trying to access an application use specific MFA methods.
 
-- **Exclude** rules define exceptions to access, overriding other rule types. If a user matches an "Exclude" rule, they’re denied access regardless of other policy conditions. For example, a user may meet a requirement to use a MFA method during login, but if their specific [multifactor authentication (MFA) method](/cloudflare-one/policies/access/mfa-requirements/) is defined in an Exclude rule, they’ll be blocked by the policy. Alternatively, if a user is associated with a 'high risk' IdP group, they can be excluded on that basis even if they meet all the other posture requirements.
+- **Exclude** rules define exceptions to access, overriding other rule types. If a user matches an "Exclude" rule, they're denied access regardless of other policy conditions. For example, a user may meet a requirement to use a MFA method during login, but if their specific [multifactor authentication (MFA) method](/cloudflare-one/policies/access/mfa-requirements/) is defined in an Exclude rule, they'll be blocked by the policy. Alternatively, if a user is associated with a 'high risk' IdP group, they can be excluded on that basis even if they meet all the other posture requirements.
 
 A useful way to imagine how these different types of rules are applied, is to imagine a funnel. Include selectors define what attributes of the user, traffic or device are included in the policy that will be Allowed, Blocked and so on. Require then further filters from that list what attributes must be associated with the user with the Exclude type filtering out users who have matched both the Include and Require.
 
