articles/web-application-firewall/ag/waf-application-gateway-for-containers-overview.md
Lines changed: 2 additions & 2 deletions
@@ -60,8 +60,8 @@ The following functionality isn't supported on a WAF policy that's associated wi
60
60
61
61
Azure Web Application Firewall usage is billed separately from Application Gateway for Containers usage. When you enable Azure Web Application Firewall on your Application Gateway for Containers resource, two additional WAF-specific meters are added to your bill:
62
62
63
-
- **Application Gateway for Containers WAF Hour**: A fixed cost charged for the duration that a security policy references a WAF policy.
64
-
- **Application Gateway for Containers 1 million WAF Requests**: A consumption-based meter that bills per 1 million requests processed by the WAF and charges for each enabled rule set. For example, if you enable both the Default Rule Set (DRS) and the Bot Manager Rule Set, you're billed for two rule sets.
63
+
- **1 AGC WAF Hour**: A fixed cost charged for the duration that a security policy references a WAF policy.
64
+
- **1M WAF Requests**: A consumption-based meter that bills per 1 million requests processed by the WAF and charges for each enabled rule set. For example, if you enable both the Default Rule Set (DRS) and the Bot Manager Rule Set, you're billed for two rule sets.
65
65
66
66
For more pricing information, see [Application Gateway pricing](https://azure.microsoft.com/pricing/details/application-gateway) and [Azure Web Application Firewall pricing](https://azure.microsoft.com/pricing/details/web-application-firewall).
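Review bot: The new meter names on the two added bullets, "1 AGC WAF Hour" and "1M WAF Requests", drop the product name, and "AGC" isn't expanded anywhere in the visible lines. The paragraph above says these meters appear on the bill alongside Application Gateway for Containers usage, so a reader has to be able to tell them apart from other WAF meters. If these strings are the exact meter names as billed, consider keeping them and adding the expansion once, for example "**1 AGC WAF Hour** (Application Gateway for Containers WAF hour)", and stating that the names match what appears on the invoice.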
articles/web-application-firewall/cdn/cdn-overview.md
Lines changed: 12 additions & 13 deletions
@@ -12,16 +12,16 @@ ms.date: 10/16/2023
12
12
13
13
# Azure Web Application Firewall on Azure Content Delivery Network
14
14
15
-
An Azure Web Application Firewall deployment on Azure Content Delivery Network provides centralized protection for your web content. Azure Web Application Firewall defends your web services against common exploits and vulnerabilities. It keeps your service highly available for your users and helps you meet compliance requirements.
15
+
An Azure Web Application Firewall deployment on Azure Content Delivery Network provides centralized protection for your web content. Azure Web Application Firewall defends your web services against common exploits and vulnerabilities. It helps keep your service highly available for your users and helps you meet compliance requirements.
16
16
17
17
> [!IMPORTANT]
18
-
> The preview of Azure Web Application Firewall on Azure Content Delivery Network is no longer accepting new customers. We encourage customers to use [Azure Web Application Firewall on Azure Front Door](../afds/afds-overview.md) instead. Existing customers are provided with a preview service-level agreement. Certain features might not be supported or might have constrained capabilities. For details, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
18
+
> The preview of Azure Web Application Firewall on Azure Content Delivery Network is no longer accepting new customers. We encourage customers to use [Azure Web Application Firewall on Azure Front Door](../afds/afds-overview.md) instead. We provide existing customers with a preview service-level agreement. Certain features might not be supported or might have constrained capabilities. For details, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
19
19
20
20
Azure Web Application Firewall on Azure Content Delivery Network is a global and centralized solution. It's deployed on Azure network edge locations around the globe. Azure Web Application Firewall stops malicious attacks close to the attack sources, before they reach your origin. You get global protection at scale without sacrificing performance.
21
21
22
22
A web application firewall (WAF) policy easily links to any content delivery network (CDN) endpoint in your subscription. You can deploy new rules within minutes, so you can respond quickly to changing threat patterns.
23
23
24
-

24
+

25
25
26
26
## WAF policy and rules
27
27
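Review bot: The hunk header still shows `ms.date: 10/16/2023`, and the first hunk for this file starts at line 12, so the metadata date isn't touched even though the body is edited, including the preview notice in the `[!IMPORTANT]` block. Consider refreshing `ms.date` in the same commit so readers can tell that the statement about the preview no longer accepting new customers was recently reviewed.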
@@ -32,7 +32,7 @@ You can configure a WAF policy and associate that policy with one or more CDN en
32
32
33
33
When both are present, the WAF processes custom rules before processing the rules in a managed rule set. A rule consists of a match condition, a priority, and an action. Supported action types are `ALLOW`, `BLOCK`, `LOG`, and `REDIRECT`. You can create a fully customized policy that meets your specific requirements for application protection by combining managed and custom rules.
34
34
35
-
The WAF processes rules within a policy in a priority order. Priority is a unique integer that defines the order of rules to process. Smaller numbers are a higher priority, and the WAF evaluates those rules before rules with a larger value. After the WAF matches a rule with a request, it applies the corresponding action that the rule defines to the request. After the WAF processes such a match, rules that have lower priorities aren't processed further.
35
+
The WAF processes rules within a policy in a priority order. Priority is a unique integer that defines the order of rules to process. Smaller numbers are a higher priority, and the WAF evaluates those rules before rules that have a larger value. After the WAF matches a rule with a request, it applies the corresponding action that the rule defines to the request. After the WAF processes such a match, rules that have lower priorities aren't processed further.
36
36
37
37
A web application hosted on Azure Content Delivery Network can have only one WAF policy associated with it at a time. However, you can have a CDN endpoint without any WAF policies associated with it. If a WAF policy is present, it's replicated to all edge locations to ensure consistent security policies across the world.
38
38
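Review bot: The last sentence of the reworded priority paragraph, "After the WAF processes such a match, rules that have lower priorities aren't processed further," is stated without exception, but the WAF actions section of this same file says that after a `LOG` match the WAF continues to evaluate lower-priority rules. Since the paragraph is being edited anyway, consider qualifying it, for example by adding "unless the action is `LOG`", so that someone ordering custom rules doesn't misjudge which later rules still apply to a logged request.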
@@ -48,19 +48,19 @@ Custom rules can include:
48
48
49
49
If you have a requirement to block requests on the source IP address that the WAF uses (for example, the proxy server address if the user is behind a proxy), you should use the Azure Front Door Standard or Premium tier. For more information, see [Configure an IP restriction rule with a WAF for Azure Front Door](../afds/waf-front-door-configure-ip-restriction.md).
50
50
51
-
-**Geographicbased access control**: You can control access to your web applications based on the country code that's associated with a client's IP address.
51
+
-**Geographic-based access control**: You can control access to your web applications based on the country code that's associated with a client's IP address.
52
52
53
-
-**HTTP parameters-based access control**: You can base rules on string matches in HTTP or HTTPS request parameters. Examples includ query strings, `POST` arguments, request URI, request header, and request body.
53
+
-**HTTP parameters-based access control**: You can base rules on string matches in HTTP or HTTPS request parameters. Examples include query strings, `POST` arguments, request URI, request header, and request body.
54
54
55
-
-**Request method-based access control**: You base rules on the HTTP request method of the request. Examples include `GET`, `PUT`, and `HEAD`.
55
+
-**Request method-based access control**: You can base rules on the HTTP request method of the request. Examples include `GET`, `PUT`, and `HEAD`.
56
56
57
57
-**Size constraint**: You can base rules on the lengths of specific parts of a request, such as query string, URI, or request body.
58
58
59
59
-**Rate control rules**: These rules limit abnormally high traffic from any client IP address.
60
60
61
61
You can configure a threshold on the number of web requests allowed from a client IP address during a one-minute duration. This rule is distinct from an IP list-based custom rule that either allows all or blocks all requests from a client IP address.
62
62
63
-
Rate limits can be combined with more match conditions, such as HTTP or HTTPS parameter matches for granular rate control.
63
+
Rate limits can be combined with more match conditions, such as HTTP or HTTPS parameter matches, for granular rate control.
64
64
65
65
### Azure-managed rule sets
66
66
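Review bot: The rate control bullet and the paragraph under it key the limit on "a client IP address", while the context paragraph at the top of this hunk singles out the source IP address that the WAF uses (the proxy server address when the user is behind a proxy) as a separate case. It isn't clear from these lines which address the one-minute threshold counts against. Consider stating it explicitly in the rate control text, because whether clients behind a shared proxy are counted together or separately depends on the answer.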
@@ -80,14 +80,13 @@ The version number of the Default Rule Set increments when new attack signatures
80
80
81
81
The Default Rule Set is enabled by default in *detection* mode in your WAF policies. You can disable or enable individual rules within the Default Rule Set to meet your application requirements. You can also set specific actions (`ALLOW`, `BLOCK`, `REDIRECT`, and `LOG`) per rule. The default action for the managed Default Rule Set is `BLOCK`.
82
82
83
-
Custom rules are always applied before the WAF evaluates the rules in the Default Rule Set. If a request matches a custom rule, the WAF applies the corresponding rule action. The request is either blocked or passed through to the back end. No other custom rules or the rules in the Default Rule Set are processed. You can also remove the Default Rule Set from your WAF policies.
83
+
Custom rules are always applied before the WAF evaluates the rules in the Default Rule Set. If a request matches a custom rule, the WAF applies the corresponding rule action. The request is either blocked or passed through to the back end. No other custom rules or rules in the Default Rule Set are processed. You can also remove the Default Rule Set from your WAF policies.
84
84
85
85
## WAF modes
86
86
87
87
You can configure a WAF policy to run in the following two modes:
88
88
89
-
-**Detection mode**: The WAF doesn't take any other actions other than monitoring and logging the request and its matched WAF rule to WAF logs. You can turn on logging diagnostics for Azure Content Delivery Network. When you use the portal, go to the **Diagnostics** section.
90
-
89
+
-**Detection mode**: The WAF doesn't take any other actions other than monitoring and logging the request and its matched WAF rule to WAF logs. You can turn on logging diagnostics for Azure Content Delivery Network. When you use the Azure portal, go to the **Diagnostics** section.
91
90
-**Prevention mode**: The WAF takes the specified action if a request matches a rule. If it finds a match, it doesn't evaluate any further rules that have a lower priority. Any matched requests are also logged in the WAF logs.
92
91
93
92
## WAF actions
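Review bot: In the edited custom-rules paragraph, "The request is either blocked or passed through to the back end" covers only two of the four actions that the preceding paragraph lists (`ALLOW`, `BLOCK`, `REDIRECT`, and `LOG`). Consider rewording it so that the redirect and log outcomes are covered too. Separately, the edited Detection mode bullet still reads "doesn't take any other actions other than monitoring and logging"; dropping the first "other" would remove the repetition.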
@@ -96,12 +95,12 @@ You can choose one of the following actions when a request matches a rule's cond
96
95
97
96
-**Allow**: The request passes through the WAF and is forwarded to the back end. No further lower-priority rules can block this request.
98
97
-**Block**: The request is blocked. The WAF sends a response to the client without forwarding the request to the back end.
99
-
-**Log**: The request is logged in the WAF logs. The WAF continues evaluating lower-priority rules.
98
+
-**Log**: The request is logged in the WAF logs. The WAF continues to evaluate lower-priority rules.
100
99
-**Redirect**: The WAF redirects the request to the specified URI. The specified URI is a policy-level setting. After you configure the setting, all requests that match the **Redirect** action are sent to that URI.
101
100
102
101
## Configuration
103
102
104
-
You can configure and deploy all WAF rule types using the Azure portal, REST APIs, Azure Resource Manager templates, and Azure PowerShell.
103
+
You can configure and deploy all WAF rule types by using the Azure portal, REST APIs, Azure Resource Manager templates, and Azure PowerShell.