[WAF] Update fields/functions for custom detection locations (#17597)

cloudflare · Oct 17, 2024 · 65c1918 · 65c1918
1 parent 37c4fef
commit 65c1918
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/content/docs/waf/detections/leaked-credentials/index.mdx b/src/content/docs/waf/detections/leaked-credentials/index.mdx
@@ -71,10 +71,11 @@ When specifying a custom detection location, only the location of the username f
 Expressions used to specify custom detection locations can include the following fields and functions:
 
 - Fields:
+  - [`http.request.body.form`](/ruleset-engine/rules-language/fields/http-request-body/#httprequestbodyform)
   - [`http.request.body.raw`](/ruleset-engine/rules-language/fields/http-request-body/#httprequestbodyraw)
 - Functions:
   - [`lookup_json_string()`](/ruleset-engine/rules-language/functions/#lookup_json_string)
-  - [`lower()`](/ruleset-engine/rules-language/functions/#lower)
+  - [`url_decode()`](/ruleset-engine/rules-language/functions/#url_decode)
 
 For instructions on configuring a custom detection location, refer to [Get started](/waf/detections/leaked-credentials/get-started/#4-optional-configure-a-custom-detection-location).