Clarify payload content

pedrosousa · pedrosousa · commit 90978cb35aac · 2025-05-06T11:23:54.000+01:00
diff --git a/src/content/docs/waf/managed-rules/payload-logging/decrypt-in-logs.mdx b/src/content/docs/waf/managed-rules/payload-logging/decrypt-in-logs.mdx
@@ -23,6 +23,8 @@ Refer to the Worker project's [README](https://github.com/cloudflare/matched-dat
 
 ## Structure of `encrypted_matched_data` property in Logpush
 
+Payload information includes the specific string that triggered the rule, along with the text that appears immediately before and after the match.
+
 Once you decrypt its value, the `encrypted_matched_data` property of the `Metadata` field in Logpush has a structure similar to the following:
 
 ```jsonc
@@ -41,7 +43,7 @@ Once you decrypt its value, the `encrypted_matched_data` property of the `Metada
 }
 ```
 
-The `before` and `after` properties will contain at most 25 bytes of content appearing before and after the matched text.
+The `before` and `after` properties are optional (there may be no content before/after the matched text) and will contain at most 25 bytes of content appearing before and after the match.
 
 Below are a few examples of payload matches:
 
diff --git a/src/content/docs/waf/managed-rules/payload-logging/index.mdx b/src/content/docs/waf/managed-rules/payload-logging/index.mdx
@@ -7,12 +7,12 @@ sidebar:
 
 import { GlossaryTooltip } from "~/components";
 
-The WAF allows you to log the request information that triggered a specific rule of a managed ruleset. This information is known as the payload. Payload logging is especially useful when diagnosing the behavior of WAF rules. Since the values that triggered a rule may contain sensitive data, they are encrypted with a customer-provided public key so that only you can examine them later.
+The WAF allows you to log the request information that triggered a specific rule of a managed ruleset. This information is known as the payload. Payload information includes the specific string that triggered the rule, along with the text that appears immediately before and after the match.
 
-:::note
+Payload logging is especially useful when diagnosing the behavior of WAF rules. Since the values that triggered a rule may contain sensitive data, they are encrypted with a customer-provided public key so that only you can examine them later.
 
+:::note
 This feature is only available for customers on an Enterprise plan.
-
 :::
 
 ## Turn on payload logging
diff --git a/src/content/docs/waf/managed-rules/payload-logging/view.mdx b/src/content/docs/waf/managed-rules/payload-logging/view.mdx
@@ -21,6 +21,6 @@ View the content of the matched rule payload in the dashboard by entering your p
    The private key is not sent to a Cloudflare server. The decryption occurs entirely in the browser.
    :::
 
-If the private key you entered decrypts the encrypted payload successfully, the dashboard will show the fields that matched and the matched payload in clear text, including some text before and after the match.
+If the private key you entered decrypts the encrypted payload successfully, the dashboard will show the name of the fields that matched and the matched string in clear text, along with some text appearing before and after the match.
 
 ![Viewing the decrypted payload match data after entering your private key in the dashboard](~/assets/images/waf/transform-rules/payload-decrypted.png)
