[DLP] Body Phase selector (#25543)

maxvp · web-flow · commit a97e63b8bf42 · 2025-09-30T17:11:58.000-04:00
diff --git a/src/content/changelog/dlp/2025-09-25-body-phase-selector.mdx b/src/content/changelog/dlp/2025-09-25-body-phase-selector.mdx
@@ -8,7 +8,7 @@ date: 2025-09-25
 
 You can now more precisely control your HTTP DLP policies by specifying whether to scan the request or response body, helping to reduce false positives and target specific data flows.
 
-In the Gateway HTTP policy builder, you will find a new optional selector called _Body Phase_. This allows you to define the direction of traffic the DLP engine will inspect:
+In the Gateway HTTP policy builder, you will find a new selector called _Body Phase_. This allows you to define the direction of traffic the DLP engine will inspect:
 
 - _Request Body_: Scans data sent from a user's machine to an upstream service. This is ideal for monitoring data uploads, form submissions, or other user-initiated data exfiltration attempts.
 - _Response Body_: Scans data sent to a user's machine from an upstream service. Use this to inspect file downloads and website content for sensitive data.
@@ -17,4 +17,4 @@ For example, consider a policy that blocks Social Security Numbers (SSNs). Previ
 
 All policies without this selector will continue to scan both request and response bodies to ensure continued protection.
 
-For more information, refer to [Gateway HTTP policy selectors](/cloudflare-one/policies/gateway/http-policies/#selectors/).
+For more information, refer to [Gateway HTTP policy selectors](/cloudflare-one/policies/gateway/http-policies/#body-phase/).
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx
@@ -432,6 +432,18 @@ You can match traffic based on **Application Controls**, which group multiple us
 
 For more information, refer to [Application Granular Controls](/cloudflare-one/policies/gateway/http-policies/granular-controls/).
 
+### Body Phase
+
+The phase of an HTTP request. You can use this selector to specify whether to scan either the data sent in an HTTP request to your user's device or from your user's device to a destination. Policies without this selector will scan both the HTTP request and response bodies.
+
+| UI name    | API example                       |
+| ---------- | --------------------------------- |
+| Body Phase | `http.body_phase == \"download\"` |
+
+:::caution[Body phase mismatch]
+When combining this selector with the [Download and Upload File Types selectors](#download-and-upload-file-types), ensure you use the matching phase togethers. If body phase and file type selector logic do not match, the policy may not filter traffic as intended.
+:::
+
 ### Content Categories
 
 <Render
