From e172a3c76aa58c17545f2b471e990e4c4a6c2a22 Mon Sep 17 00:00:00 2001 From: Zahava Brown Date: Thu, 2 Jul 2026 10:58:17 +0000 Subject: [PATCH] docs: document SECURITY_WAF_VIOLATION_TRANSPARENT for $app_protect_outcome_reason WAFMC-14828: the nginx access-log variable $app_protect_outcome_reason can emit SECURITY_WAF_VIOLATION_TRANSPARENT for requests allowed in transparent (would-block) mode. This brings the access-log documentation to parity with the security-log documentation (content/waf/logging/security-logs.md), which already lists this value. --- content/waf/logging/access-logs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/waf/logging/access-logs.md b/content/waf/logging/access-logs.md index 9292bb3817..3cbda55913 100644 --- a/content/waf/logging/access-logs.md +++ b/content/waf/logging/access-logs.md @@ -37,7 +37,7 @@ These are the variables added to Access Log. They are a subset of the Security l | ---| ---| --- | |$app_protect_support_id | Unique ID assigned to the request by F5 WAF for NGINX. | To be used to correlate the access log with the security log.
Left empty in failure mode. | |$app_protect_outcome | One of: | | -|$app_protect_outcome_reason | One of: | | +|$app_protect_outcome_reason | One of: | | |$app_protect_policy_name | The name of the policy that enforced the request. | | |$app_protect_version | The F5 WAF for NGINX version string: major.minor.build format. | Does not include the F5 NGINX plus version (e.g. R21). The latter is available in `$version` variable. |