From 0099ce913429ce59047d5276c92bf96209ca8589 Mon Sep 17 00:00:00 2001
From: magakman <77816356+magakman@users.noreply.github.com>
Date: Fri, 22 Aug 2025 13:21:15 -0500
Subject: [PATCH] Update waf-javascript-challenge.md

Updated the limitations on the post body size due to differences between Azure front door and Application Gateway
---
 articles/web-application-firewall/waf-javascript-challenge.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/articles/web-application-firewall/waf-javascript-challenge.md b/articles/web-application-firewall/waf-javascript-challenge.md
index 1ac83e49e0bfa..c4ab93d91e05e 100644
--- a/articles/web-application-firewall/waf-javascript-challenge.md
+++ b/articles/web-application-firewall/waf-javascript-challenge.md
@@ -46,7 +46,7 @@ The WAF policy setting defines the JavaScript challenge cookie validity lifetime
 
 - **AJAX and API calls aren't supported**: JavaScript challenge doesn't apply to AJAX and API requests.
 
-- **POST body size restriction**: The first request that triggers a JavaScript challenge is blocked if its POST body exceeds 128 KB.
+- **POST body size restriction**: The first request that triggers a JavaScript challenge is blocked if its POST body exceeds 64 KB on Azure Front Door and 128 KB on Azure Application Gateway.
 
 - **Non-HTML embedded resources**: JavaScript challenge is designed for HTML resources. Challenges for non-HTML resources embedded in a page, such as images, CSS, JavaScript files, or similar resources, aren't supported. However, if there was a prior successful JavaScript challenge request, those limitations are lifted.